Drive-By Download

A drive-by download is a download that happens automatically when you visit a webpage. The download starts without you initiating it and may take place in the background without any notification.

Drive-by downloads can occur on both legitimate and malicious websites. For example, if a hacker gains access to a trusted website, he can install code on webpages that will initiate automatic downloads on visitors' computers. Malicious websites, such as those used in phishing and pharming activities, may intentionally download malware on users computers.

There are multiple ways a webmaster can implement drive-by downloads in a webpage. One method is to insert JavaScript code that automatically opens a downloadable file once the page has loaded. Another method involves using an iframe that references another URL, which initiates the download. A less common method is to use a browser plug-in or extension that downloads files automatically. In rare cases, online advertisers can even insert code in display ads that initiate downloads on users computers. Most ad networks now prevent this type of behavior.

While drive-by downloads happen automatically, it is rare that the an executable file will run without your permission. This is because most browsers notify you when a file has been downloaded and will not open downloaded files automatically. Therefore, you can prevent damage from drive-by downloads by simply not opening unknown files downloaded by your web browser.