Drive-by download

In computer security, a drive-by download is the unintended download of software, typically malicious software. The term "drive-by download" usually refers to a download which was authorized by a user without understanding what is being downloaded, such as in the case of a Trojan horse. In other cases, the term may simply refer to a download which occurs without a user's knowledge. Common types of files distributed in drive-by download attacks include computer viruses, spyware, or crimeware.

Drive-by downloads may happen when visiting a website,^[1] opening an e-mail attachment or clicking a link, or clicking on a deceptive pop-up window:^[2] by clicking on the window in the mistaken belief that, for example, an error report from the computer's operating system itself is being acknowledged or a seemingly innocuous advertisement pop-up is being dismissed. In such cases, the "supplier" may claim that the user "consented" to the download, although the user was in fact unaware of having started an unwanted or malicious software download. Similarly if a person is visiting a site with malicious content, the person may become victim to a drive-by download attack. That is, the malicious content may be able to exploit vulnerabilities in the browser or plugins to run malicious code without the user's knowledge.^[3]

A drive-by install (or installation) is a similar event. It refers to installation rather than download (though sometimes the two terms are used interchangeably).

^ Sood, Aditya K.; Zeadally, Sherali (1 September 2016). "Drive-By Download Attacks: A Comparative Study". IT Professional. 18 (5): 18–25. doi:10.1109/MITP.2016.85. ISSN 1520-9202. S2CID 27808214.
^ Olsen, Stefanie (8 April 2002). "Web surfers brace for pop-up downloads". CNET News. Retrieved 28 October 2010.
^ Le, Van Lam; Welch, Ian; Gao, Xiaoying; Komisarczuk, Peter (1 January 2013). Anatomy of Drive-by Download Attack. AISC '13. Darlinghurst, Australia, Australia: Australian Computer Society, Inc. pp. 49–58. ISBN 9781921770234. {{cite book}}: |journal= ignored (help)

[1] Sood, Aditya K.; Zeadally, Sherali (1 September 2016). "Drive-By Download Attacks: A Comparative Study". IT Professional. 18 (5): 18–25. doi:10.1109/MITP.2016.85. ISSN 1520-9202. S2CID 27808214.

[2] Olsen, Stefanie (8 April 2002). "Web surfers brace for pop-up downloads". CNET News. Retrieved 28 October 2010.

[:0-3] Le, Van Lam; Welch, Ian; Gao, Xiaoying; Komisarczuk, Peter (1 January 2013). Anatomy of Drive-by Download Attack. AISC '13. Darlinghurst, Australia, Australia: Australian Computer Society, Inc. pp. 49–58. ISBN 9781921770234. {{cite book}}: |journal= ignored (help)

[1]

[2]

[3]