drive-by download

What is a drive-by download?

A drive-by download is a program that is automatically downloaded to your computer without your consent or even your knowledge. Unlike a pop-up download, which asks for assent (albeit in a calculated manner likely to lead to a "yes"), a drive-by download can be initiated by simply visiting a Web site or viewing an HTML e-mail message. If your computer's security settings are lax, it may be possible for drive-by downloads to occur without any further action on your part.

Frequently, a drive-by download is installed along with a user-requested application. (In this case, the unwanted application is sometimes called a barnacle.) For example, a file sharing program might include a spyware program that tracks and reports user information for targeted marketing purposes. An associated adware program can then generate pop-up advertisements using that information.

Xupiter, an Internet Explorer toolbar program, was frequently installed as a drive-by download in the early 2000s. The program replaced a user's home page, changed browser settings, and used a redirect to take all searches to the Xupiter Web site. In some versions, the program initiated drive-by downloads of other programs. Furthermore, although it came with an uninstall utility, Xupiter was quite challenging for the average computer user to remove.

Drive-by downloads continue to be a major security issue online. In April 2007, researchers at Google discovered hundreds of thousands of Web pages that initiated drive-by downloads. One in ten pages was found to be suspect. Sophos researchers in 2008 reported that they were discovering more than 6,000 new infected Web pages every day, or about one every 14 seconds. Many of these infections are connected to botnets, in which each PC is turned into a zombie that may then be directed to further malicious activity, like spam or DDoS attacks.

This was last updated in May 2009

Continue Reading About drive-by download

Dig Deeper on Windows 10 security and management