| Most of this page uses content from Wikipedia. The original article was at Drive-by download. The page may have contained some inaccurate or outdated information, so please edit it so it contains better information.|
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Common Attribution-ShareAlike 3.0 License.
Remove this template when most of the Wikipedia content has been removed or the Wikipedia information is outnumbered by non-Wikipedia information.
- Downloads which the user indirectly authorizes but without understanding the consequences. (Eg. by enabling an ActiveX component.)
- Any download that happens without knowledge of the user.
- Download of spyware, a computer virus or any kind of malware that happens without knowledge of the user. Drive-by downloads may happen by visiting a website, viewing an e-mail message or by clicking on a deceptive popup window: the user clicks on the window in the mistaken belief that, for instance, it is an error report from his own PC or that it is an innocuous advertisement popup; in such cases, the "supplier" may claim that the user "consented" to the download though (s)he was completely unaware of having initiated a malicious software download.
- Download of malware through exploitation of a web browser, e-mail client or operating system bug, without any user intervention whatsoever. Websites that exploit the Windows Metafile vulnerability may provide examples of "drive-by downloads" of this sort.
The expression drive-by install (or installation) is completely analogous and refers to installation rather than download (though sometimes the two are used interchangeably).
An example of a drive by download is