Drive-by Download

Dennis Faas's picture

The expression 'drive-by download' is used in four increasingly common meanings:

1. Downloads which the user indirectly authorized but without understanding the consequences. For example: by installing an unknown ActiveX component or Java applet.

Note that Microsoft Internet Explorer uses the ActiveX scripting language, whereas Mozilla Firefox does not; thus, many argue that Firefox is considerably more secure than Internet Explorer because it is not susceptible to ActiveX-based attacks. (Source:

2. Any download that happens without knowledge of the user.

3. A download of spyware, a computer virus or any kind of malware that happens without knowledge of the user.

Drive-by downloads may happen by visiting a website, viewing an email message or by clicking on a deceptive popup window: the user clicks on the window in the mistaken belief that, for instance, it is an error report from his own PC or that it is an innocuous advertisement popup; in such cases, the "supplier" may claim that the user "consented" to the download though s/he was completely unaware of having initiated a malicious software download.

4. Download of malware through exploitation of a web browser, email client or operating system bug, without any user intervention whatsoever. Websites that exploit the Windows Metafile vulnerability may provide examples of "drive-by downloads" of this sort.

Drive-by Installation Vs Drive-by Download

The expression drive-by install (or installation) is completely analogous and refers to installation rather than download (though sometimes the two are used interchangeably).

Drive-by Download Trends

In April 2007 researchers at Google discovered hundreds of thousands of web pages performing drive-by downloads.

This document is licensed under the GNU Free Documentation License (GFDL), which means that you can copy and modify it as long as the entire work (including additions) remains under this license.

Rate this article: 
Average: 1 (1 vote)