Monday, May 23, 2016

What Is Drive-by Download?

Drive-by downloads are a type of social engineering attack in which a download starts without you initiating it: when you visit a website and are prompted to download something you never asked for; when you view an e-mail message in software that allows JavaScript to run; or when you click a deceptive pop-up window that prompts you to install the latest version of Flash, and clicking "yes", clicking "no", or either button results in a download prompt for an executable. In such cases the "supplier" may claim that the user "consented" to the download because the "yes" button was clicked, even though the user was deceived by social engineering and was unaware of having started an unwanted or malicious software download.


99% of drive-by downloads result in the download of what is known as "adware" or "PUPs" (Possibly unwanted programs) rather than "malware", because most of the operators' infrastructure is located in the United States and they seek to profit from your download without risking a lawsuit. Therefore, groups delivering drive-by-download software take measures to make their extremely shady practices look legal. Most commonly you will see a site that tells you your version of Java or Flash is out of date and must be upgraded right now, and directs you to click an install or download link whose installer is packed with adware. The site will typically carry a very small disclaimer which, if you read it, vaguely explains what you are really downloading.


A drive-by download will usually take advantage of (or "exploit") a browser, app, or operating system that is out of date and has a security flaw. The initial code that is downloaded is often very small (so you probably wouldn't notice it), since its job is often simply to contact another computer from which it can pull down the rest of the code onto your smartphone, tablet, or computer. Often, a web page will contain several different types of malicious code, in the hope that one of them will match a weakness on your computer.

These downloads may be placed on otherwise innocent and normal-looking websites. You might receive a link in an email, text message, or social media post that tells you to look at something interesting on a site. When you open the page, while you are enjoying the article or cartoon, the download is installing on your computer.

Security researchers detect drive-by downloads by keeping track of web addresses that they know have a history of malicious or suspicious behavior, and by using crawlers to wander the Web and visit different pages. If a web page initiates a download on a test computer, the site is given a risky reputation. Links in spam messages and other communications can also be used as source lists for these tests.
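The detection approach described above, as an added example that is not part of the original post: a crawler visits a page on a test machine, every HTTP response it receives is inspected for signs that a file download was started without a user action (a `Content-Disposition: attachment` header, an executable MIME type, or an executable file extension), and any host that does this is given a risky reputation. Links found in spam messages are extracted as crawl seeds. The hostnames, responses and spam text are constructed sample data, and the `Response` and `Reputation` types are assumptions made for this illustration.

```python
"""Reputation scoring for sites that initiate downloads during a sandboxed crawl.

Added illustration (not from the original post). All hosts, responses and
message bodies below are constructed sample data, not real captures.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Content types and extensions a browser would hand off as a file download.
EXECUTABLE_TYPES = {
    "application/x-msdownload",
    "application/x-msdos-program",
    "application/vnd.microsoft.portable-executable",
    "application/octet-stream",
}
EXECUTABLE_EXTENSIONS = (".exe", ".msi", ".scr", ".jar", ".dmg", ".apk")


@dataclass
class Response:
    """One HTTP response observed by the test crawler (header names lower-cased)."""
    url: str
    status: int
    headers: dict
    requested_by_user: bool = False  # True only when the harness deliberately clicked a download link


def initiates_download(resp: Response) -> bool:
    """True if this response would start a file download the visitor did not ask for."""
    if resp.requested_by_user or not (200 <= resp.status < 300):
        return False
    disposition = resp.headers.get("content-disposition", "").lower()
    ctype = resp.headers.get("content-type", "").split(";")[0].strip().lower()
    path = urlparse(resp.url).path.lower()
    return (
        disposition.startswith("attachment")
        or ctype in EXECUTABLE_TYPES
        or path.endswith(EXECUTABLE_EXTENSIONS)
    )


@dataclass
class Reputation:
    """Hosts flagged as risky, with the URLs that triggered the flag as evidence."""
    risky_hosts: dict = field(default_factory=dict)

    def record_visit(self, page_url: str, responses: list) -> bool:
        """Score one crawled page; returns True if the page was flagged as risky."""
        host = urlparse(page_url).hostname
        evidence = [r.url for r in responses if initiates_download(r)]
        if evidence:
            self.risky_hosts.setdefault(host, []).extend(evidence)
        return bool(evidence)

    def is_risky(self, url: str) -> bool:
        return urlparse(url).hostname in self.risky_hosts


def seeds_from_spam(messages: list) -> list:
    """Extract http(s) links from spam message bodies to use as crawl seeds."""
    found = []
    for body in messages:
        found.extend(re.findall(r"https?://[^\s<>\"']+", body))
    return found


# Constructed crawl: one ordinary article page and one fake "update Flash" page
# that pushes an executable at the visitor without any click.
SAMPLE_CRAWL = {
    "http://benign.example/article": [
        Response("http://benign.example/article", 200, {"content-type": "text/html; charset=utf-8"}),
        Response("http://benign.example/cartoon.png", 200, {"content-type": "image/png"}),
    ],
    "http://fake-update.example/flash": [
        Response("http://fake-update.example/flash", 200, {"content-type": "text/html"}),
        Response("http://fake-update.example/FlashPlayer_Update.exe", 200,
                 {"content-type": "application/octet-stream",
                  "content-disposition": 'attachment; filename="FlashPlayer_Update.exe"'}),
    ],
}


def run_sample_crawl() -> Reputation:
    """Visit every page in the constructed crawl and return the resulting reputation table."""
    rep = Reputation()
    for page, responses in SAMPLE_CRAWL.items():
        rep.record_visit(page, responses)
    return rep


if __name__ == "__main__":
    for host, urls in run_sample_crawl().risky_hosts.items():
        print(f"risky host: {host} -> {urls}")
```

The check is deliberately conservative: a response the harness itself asked for (`requested_by_user=True`) is never counted, and only successful responses are examined, so a site that merely links to an installer is not flagged, while one that pushes an executable at a passive visitor is.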

How to protect yourself



To avoid being infected by drive-by downloads, computer users need to do three things.


First, set up the user accounts so that all regular users have limited permissions and cannot modify applications or the operating system. Create a separate administrator account to be used only when installing, updating or deleting software. Do not use the administrator account to browse around the Web or read emails.


Second, set the computer so that operating-system updates are automatically installed, and turn on whatever firewalls are available. (If you have a wireless router, its firewall should also be activated.)


Third, install a robust anti-virus software product, set it to automatically update itself with the latest malware definitions, and make sure it performs regular full-system scans.


Many free anti-virus products are available, but the paid ones do a better job of protecting Web browsers and email clients from drive-by downloads.


Smartphone and tablet users need to take different precautions. Owners of Apple iOS devices such as the iPhone, iPad and iPod Touch should avoid "jailbreaking" their devices and should install Apple system updates.
