Drive-by download

A drive-by download is the infection of a computer with malware when a user visits a malicious website.

Drive-by downloads occur without the knowledge of the user. Simply visiting an infected website may be sufficient for the malware to be downloaded and run on a computer. Malware exploits vulnerabilities in a user’s browser (and browser plugins) in order to infect their computer.

Hackers continually attack legitimate websites in order to compromise them, injecting malicious code into their pages. Then, when a user browses that legitimate (but compromised) site, the injected code is loaded by his/her browser, which initiates the drive-by attack. In this manner, the hacker can infect users without having to trick them into browsing a specific site.

To defend against drive-by downloads, you should use an updated browser, coupled with endpoint security software that incorporates web security filtering.

(See Exploit)

Back to Security Threats A-Z

Back to Threatsaurus Home

download Threatsaurus: A-Z of Threats
Download now