Definitions[]
A drive-by download is:
- A download that the user indirectly authorized but without understanding the consequences.
- A download that happens without the knowledge of the user.
- A download of spyware, a computer virus, or any other kind of malware that happens without the knowledge of the user.
- A download of malware through the exploitation of a web browser, e-mail client or operating system bug, without any user intervention whatsoever.
A drive-by download
“ | [o]ccurs when a user visits a malicious website or a legitimate website that has been compromised, involving malicious software designed to automatically run on the user's computer typically without requiring any additional user interaction.[1] | ” |
Overview[]
A drive-by download may happen when a user visits a website, views an e-mail message or clicks on a deceptive pop-up window: the user clicks on the window in the mistaken belief that, for instance, it is an error report from his own computer or that it is an innocuous pop-up advertisement; in such a case, the "supplier" may claim that the user "consented" to the download, although the user was completely unaware of having initiated a malicious software download.
"The drive-by download attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code."[2]
References[]
- ↑ ACSC 2015 Threat Report, Glossary, at 26.
- ↑ ENISA Threat Landscape 2012: Responding to the Evolving Threat Environment, at 13.
See also[]
This page uses Creative Commons Licensed content from Wikipedia (view authors). | ![]() |