Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!

Drive-by download

From Malware Wiki
Jump to: navigation, search

Stubsymbol.png This article is a stub. You can help by editing it.

Most of this page uses content from Wikipedia. The original article was at Drive-by download. The page may have contained some inaccurate or outdated information, so please rewrite some parts to avoid plagiarism.
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Common Attribution-ShareAlike 3.0 License.
Remove this template when most of the Wikipedia content has been removed or the Wikipedia information is outnumbered by non-Wikipedia information.

The expression drive-by download is used in four increasingly strict meanings:

  1. Downloads which the user indirectly authorizes but without understanding the consequences. (Eg. by enabling an ActiveX component.)
  2. Any download that happens without knowledge of the user.
  3. Download of spyware, a computer virus or any kind of malware that happens without knowledge of the user. Drive-by downloads may happen by visiting a website, viewing an e-mail message or by clicking on a deceptive popup window: the user clicks on the window in the mistaken belief that, for instance, it is an error report from his own PC or that it is an innocuous advertisement popup; in such cases, the "supplier" may claim that the user "consented" to the download though (s)he was completely unaware of having initiated a malicious software download.
  4. Download of malware through exploitation of a web browser, e-mail client or operating system bug, without any user intervention whatsoever. Websites that exploit the Windows Metafile vulnerability may provide examples of "drive-by downloads" of this sort.

The expression drive-by install (or installation) is completely analogous and refers to installation rather than download (though sometimes the two are used interchangeably).

An example of a drive by download is Goggle.

In April 2007 researchers at Google discovered hundreds of thousands of web pages performing drive-by downloads.<ref>The ghost in the browser: analysis of web-based malware</ref><ref>Google searches web's dark side</ref>


<references />

External links