Drive-by download

Computer security exploitation / From Wikipedia, the free encyclopedia

Dear Wikiwand AI, let's keep it short by simply answering these key questions:

Can you list the top facts and stats about Drive-by download?

Summarize this article for a 10 years old


Drive-by download is of two types, each concerning the unintended download of computer software from the Internet:[1]

  1. Authorized drive-by downloads are downloads which a person has authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet).
  2. Unauthorized drive-by downloads are downloads which happen without a person's knowledge, often a computer virus, spyware, malware, or crimeware.[2]

Drive-by downloads may happen when visiting a website,[3] opening an e-mail attachment or clicking a link, or clicking on a deceptive pop-up window:[4] by clicking on the window in the mistaken belief that, for example, an error report from the computer's operating system itself is being acknowledged or a seemingly innocuous advertisement pop-up is being dismissed. In such cases, the "supplier" may claim that the user "consented" to the download, although the user was in fact unaware of having started an unwanted or malicious software download. Similarly if a person is visiting a site with malicious content, the person may become victim to a drive-by download attack. That is, the malicious content may be able to exploit vulnerabilities in the browser or plugins to run malicious code without the user's knowledge.[5]

A drive-by install (or installation) is a similar event. It refers to installation rather than download (though sometimes the two terms are used interchangeably).

Oops something went wrong: