The IT Law Wiki

Definitions[]

A drive-by download is:

A drive-by download

[o]ccurs when a user visits a malicious website or a legitimate website that has been compromised, involving malicious software designed to automatically run on the user's computer typically without requiring any additional user interaction.[1]

Overview[]

A drive-by download may happen when a user visits a website, views an e-mail message or clicks on a deceptive pop-up window: the user clicks on the window in the mistaken belief that, for instance, it is an error report from his own computer or that it is an innocuous pop-up advertisement; in such a case, the "supplier" may claim that the user "consented" to the download, although the user was completely unaware of having initiated a malicious software download.

"The drive-by download attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code."[2]

References[]

See also[]


This page uses Creative Commons Licensed content from Wikipedia (view authors). Smallwikipedialogo.png