Drive-by malware is a type of cyberattack in which malicious code is downloaded and executed on a target device without the user's knowledge or permission. The term refers to the unintentional download of malicious code to a computer or mobile device, which leaves the user open to a cyberattack. Drive-by downloads can happen when visiting a website, opening an email attachment, clicking a link, or clicking on a deceptive pop-up window. The code is designed to place malicious files on the victim's device without the user being aware that anything untoward has happened.
Drive-by downloads usually take advantage of a browser, app, or operating system that is out of date and has a security flaw. They can be prevented by using script blockers such as NoScript, which can easily be added to browsers such as Firefox. Detection of drive-by download attacks is an active area of research. Some detection methods use anomaly detection, which tracks state changes on a user's computer system while the user visits a webpage.
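The state-change tracking described above, as an added Python example that is not from the original page: it snapshots a directory before and after a page visit and flags new or modified files whose leading bytes match an executable format. The watched directory, the file names and the short magic-byte list are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: a short list of executable magic bytes (PE "MZ", ELF, 64-bit Mach-O).
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe")

def snapshot(root):
    """Map each file under root to (sha256, looks_executable_by_magic)."""
    state = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # file vanished or is unreadable; skip it
        rel = str(path.relative_to(root))
        state[rel] = (hashlib.sha256(data).hexdigest(), data.startswith(EXEC_MAGIC))
    return state

def diff_states(before, after):
    """Return (severity, kind, path) for every file that is new or changed."""
    findings = []
    for path, (digest, is_exec) in sorted(after.items()):
        if path not in before:
            kind = "new"
        elif before[path][0] != digest:
            kind = "modified"
        else:
            continue
        # Content, not the file extension, decides whether this is an alert.
        findings.append(("alert" if is_exec else "info", kind, path))
    return findings

def demo():
    """Constructed scenario: a watched directory before and after a page visit."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "cache.html").write_bytes(b"<html>cached page</html>")
        before = snapshot(root)
        # Simulated visit: the cache entry changes and a file with a PE header appears.
        Path(root, "cache.html").write_bytes(b"<html>updated</html>")
        Path(root, "update.tmp").write_bytes(b"MZ" + b"\x00" * 62)  # constructed stub
        return diff_states(before, snapshot(root))

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

An ordinary cache update is reported as `info`, while the file that starts with an executable header is reported as `alert` even though its name ends in `.tmp`.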
Drive-by attacks are so named because the download occurs silently as users pass by, leaving them mystified as to how their device was infected. They are becoming increasingly common as attackers look for new ways to distribute their malware. A number of steps can be taken to prevent and detect drive-by attacks, including regularly updating or patching systems with the latest versions of apps, software, browsers, and operating systems, and staying away from insecure or potentially malicious websites.