Date First Published: 18th May 2023
Topic: Cybersecurity
Subtopic: Threats To Systems, Data & Information
Article Type: Computer Terms & Definitions
Difficulty: MediumDifficulty Level: 7/10
Learn more about what pharming is in this article.
A drive-by download is a vulnerability which unknowingly downloads and installs things on a computer without the user's permission or knowledge. Drive-by downloads are often designed to exploit vulnerabilities in web browsers, applications, and operating systems. They may also be caused by malware installed on the user's computer which downloads files without their permission and tries to automatically run them.
All the user has to do for the download to take place is "drive by" and it does not require any other user interaction, like clicking the download button or opening an email attachment. Because no user interaction is required, they are one of the most dangerous types of vulnerabilities and are a way for attackers to sneakily infect a device with malware.
Drive-by downloads work by automatically downloading files without the user's permission. They often sneakily run in the background without your permission. Some may try to run files without your permission and exploit vulnerabilities. Below is information on how these exploits work.
If you visit the exploit kit landing page, the exploit kit analyses your device to search for potential vulnerabilities and determine if you can be targeted. They often analyse your operating system, web browser, IP address, plugins, and more. If you are considered to be an appropriate target for that exploit, the exploit kit will exploit the detected vulnerabilities to carry out the drive-by-drive download. If you are not an appropriate target for that exploit, you might be redirected to another page that tries to trick you into downloading malware. Getting your computer infected with the malware would require you to download and run the file.
Your browser will not notify you about the drive-by-download in progress. The download bar will show nothing because these types of exploits are designed to download malicious files in a way that your browser won't be able to detect. A lot of people wonder how they can avoid running the file that has been downloaded on their system without their permission. Like the download, the file can also be run in a way that your operating system won't detect. It will sneakily download and run.
Your antivirus might also not be able to detect and block the malicious file from running as cybercriminals try to find ways to get around detection mechanisms even if your antivirus is up to date. For more information about whether it is possible to get a virus just by visiting a website, see this article.
Even though drive-by downloads can happen automatically and download files on your computer in the background, getting infected with malware just by an automatic drive-by download is getting rarer and rarer. As of now, it is very unlikely that an executable file will run without your permission. Even if they download on your computer, they don't put your computer at any risk unless you open and run it. It would need to be installed before it could infect your computer.
Getting infected with malware from a drive-by download will very often require more user interaction than simply visiting a website. These security risks only exist due to poor security practices, such as delaying applying important security patches, leaving users vulnerable to exploits. For security reasons, no browsers will automatically run executable files without the user's permission.
Below are five steps to prevent drive-by downloads.
If so, it is important that you tell me as soon as possible on this page.
Network Services Network Setups Network Standards Network Hardware Network Identifiers Network Software Internet Protocols Internet Organisations Data Transmission Technologies Web Development Web Design Web Advertising Web Applications Web Organisations Web Technologies Web Services SEO Threats To Systems, Data & Information Security Mechanisms & Technologies Computer Hardware Computer Software Ethics & Sustainability Legislation & User Data Protection