The IT Law Wiki

Drive-by download

32,085pages on
this wiki
Add New Page
Add New Page Talk0

Definitions Edit

A drive-by download is:

A drive-by download

[o]ccurs when a user visits a malicious website or a legitimate website that has been compromised, involving malicious software designed to automatically run on the user's computer typically without requiring any additional user interaction.[1]

Overview Edit

A drive-by download may happen when a user visits a website, views an e-mail message or clicks on a deceptive pop-up window: the user clicks on the window in the mistaken belief that, for instance, it is an error report from his own computer or that it is an innocuous pop-up advertisement; in such a case, the "supplier" may claim that the user "consented" to the download, although the user was completely unaware of having initiated a malicious software download.

"The drive-by download attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code."[2]

References Edit

  1. ACSC 2015 Threat Report, Glossary, at 26.
  2. ENISA Threat Landscape 2012: Responding to the Evolving Threat Environment, at 13.

See also Edit

This page uses Creative Commons Licensed content from Wikipedia (view authors). Smallwikipedialogo.png

Also on Fandom

Random Wiki