A drive-by download is the unwanted delivery or execution of malicious content when a user visits a site or interacts with web content. It matters because users can be compromised through ordinary browsing behavior without intentionally downloading obvious malware.
What is a Drive-by Download?
Drive-by downloads occur when malicious code is delivered through websites, compromised pages, advertising content, browser vulnerabilities, or deceptive web elements in a way that triggers unsafe download or execution. Some attacks rely on user clicks, while others exploit browser or plugin weaknesses more directly.
This makes web browsing itself a meaningful attack surface, especially on poorly patched or weakly protected systems.
How Drive-by Downloads Commonly Happen
Common paths include exploit kits, malicious ads, compromised websites, fake update prompts, poisoned redirects, and abuse of browser or plugin vulnerabilities.
Drive-by Download vs. Malvertising
A drive-by download is the harmful outcome or mechanism affecting the user. Malvertising is one of the delivery paths that can lead to that outcome.
Frequently Asked Questions
Can a drive-by download happen without obvious user intent?
Yes. Some attacks rely on minimal interaction or exploit conditions that do not look like traditional downloads to the user at all.
How can organizations reduce drive-by download risk?
Patch management, browser hardening, content filtering, endpoint protection, least functionality, DNS controls, and secure browsing practices all help.
