A drive-by download is a covert means by which malware attaches itself to the user’s devices without the victim ever knowing. It can happen in a variety of ways, from simply opening a link to downloading legitimate software and even installing extensions and plugins for your browser. Drive-by downloads can occur without the user taking any action, whether active or passive.
Drive-by download attack examples
- Web browser exploits: Drive-by download attacks of this nature involve the attacker finding and exploiting any flaws in the user’s browser to infect their system with malware.
- Malvertising: A malvertising attack occurs when the victim clicks on an ad (pop-up or otherwise), and, unknown to them, the ad contains malicious code that quietly downloads itself into the system.
- Rogue software downloads: Here, the attacker tricks the users into downloading counterfeit software which itself is malware. These types of attacks often come as social engineering scams like fake software updates, phishing emails and pop-ups.
- Watering hole attacks: This type of attack involves infecting a popular website with a virus and waiting until its many users visit and covertly infect their systems too.