(also browser-based attack)
Drive-by download definition
A drive-by download attack is a sneaky way for malicious programs to enter users’ devices without their knowledge or consent. These attacks occur when users visit websites after clicking malicious links, downloading bundled software files, or installing suspicious browser extensions. Unlike other cyber attacks, drive-by attacks don’t rely on voluntary user actions to enable the attacks.
Examples of drive-by download attacks
- Web browser exploits: This type of drive-by attack happens when cyber criminals exploit the vulnerabilities of web browsers to plant malware into the users’ system. Other times users visit websites with active malicious codes or download a free browser extension with malicious programs.
- Malvertising: During the malvertising attack, the user clicks on the ad or a pop-up ad containing malicious code. When that happens, malware silently downloads into the user’s device without his notice.
- Rogue software downloads: In this type of cyber attack, tricked users download fake software that is malware. Usually, the users are tricked into downloading such programs voluntarily through social engineering techniques like phony software update notifications, fake antivirus software pop-ups, or phishing emails.
- Watering hole attacks: These attacks take longer to set up but are effective. Cybercriminals compromise or hack popular websites with a fair amount of internet traffic. Users who enter these sites are infected with malware without their knowledge.