Picture the scene: you find malware on your computer, but you have no idea where it came from. You haven't downloaded anything, and you haven't visited any sites considered dangerous. Yet, here on your system is malware, ruining your day.

It is possible that the malware appeared on your computer via a "drive-by" download. You don't need to click download or consent to the installation of the malicious program. Instead, the drive-by download attack automates the entire process.

So, what is a drive-by download attack, and how can you avoid falling victim to one?

What Is a Drive-by Download Attack?

A drive-by download is a relatively common technique an attacker can use to install malware on a victim's computer silently.

An attack usually involves compromising a website in some form, exploiting one of the numerous technologies that help power a site. These may include a corrupt plugin, JavaScript, iframes, short-links, infected advertisements (known as malvertising), and more.

In short, there are many places an attacker can hide malware in preparation for a drive-by download attack.

The idea of the drive-by download attack is to install malware on the victim's computer without them noticing. What makes them particularly devious is that a drive-by download attack can take place on almost any website, even ones you consider "safe."

Sure, they're more likely to occur on a website with more questionable content, such as an illegal streaming site, but a major service traditionally considered secure is a more lucrative target by way of visitor numbers. More visitors equal more potential victims.

How Does a Drive-by Download Attack Work?

There are two primary ways a malicious drive-by download gets onto your computer.

  1. Authorized. While it sounds like an oxymoron, some drive-by downloads rely on the victim authorizing the download without being fully aware of what it is they're doing.
  2. Unauthorized. As you would expect, an unauthorized drive-by download infects your computer without any warning or notification and does not require you to click a link or take any other action.

You can break the primary drive-by download attack types down into smaller segments.

Authorized Drive-by Download

An authorized drive-by download is one that requires user interaction, at least at some point.

For example, an attacker compromises a website and plants the malicious component. But to complete the attack, the victim must still press Download, Okay, or similar. The download prompt appears unprompted after the victim arrives at the site, and the malicious file is disguised as a regular one.


Some definitions of an authorized drive-by download stretch even further, covering malware or bundleware accidentally installed as part of another software installer.

Unauthorized Drive-by Download

An unauthorized drive-by download works similarly to an authorized drive-by download attack but is an automated process. Instead of you interacting with the compromised part of the website, be that a download link, a malicious advert, or something else, the malicious website component runs as soon as the page loads.

Depending on the type of malware, you might not notice anything different on your computer. The download will complete, and depending on your security settings or the malware variant, install without warning.
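The page components named above (injected iframes and scripts that run as soon as the page loads) leave recognisable traces in a page's HTML. The following is an added example, not code from the original article: a small scanner that flags iframes sized or styled to be invisible and inline scripts that decode and evaluate their own contents at runtime. The sample page, the `injected.invalid` host name and the indicator patterns are constructed for the demonstration; a real scan would run the same checks over a page fetched from the site you are inspecting.

```python
"""Added example: scan a page's HTML for the hidden-iframe and obfuscated-script
patterns that unauthorized drive-by downloads commonly rely on.
The sample page and host names below are constructed for this demo."""
from html.parser import HTMLParser
import re

# Constructed sample: a legitimate page with an injected invisible iframe and an
# obfuscated inline script. "injected.invalid" is a placeholder, not a real site.
SAMPLE_HTML = """
<html><head><title>Match of the day</title>
<script>var x = 1; // ordinary script</script>
<script>eval(unescape('%75%6e%65%73%63%61%70%65%64%20%70%61%79%6c%6f%61%64'));</script>
</head><body>
<h1>Welcome</h1>
<iframe src="https://video.example/embed/1" width="640" height="360"></iframe>
<iframe src="http://injected.invalid/landing" width="0" height="0"
        style="visibility:hidden;position:absolute;left:-9999px"></iframe>
</body></html>
"""

# CSS that makes an iframe invisible to the visitor.
_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px", re.I)
# Script obfuscation indicators: runtime evaluation of decoded strings, or long
# runs of percent/hex-encoded bytes (8 or more consecutive encoded bytes).
_OBFUSCATION = re.compile(
    r"\beval\s*\(|\bunescape\s*\(|\bString\.fromCharCode\s*\("
    r"|(?:%[0-9a-f]{2}){8,}|(?:\\x[0-9a-f]{2}){8,}", re.I)


class DriveByScanner(HTMLParser):
    """Collects (finding_type, detail) tuples while parsing the page."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            width, height = a.get("width", "").strip(), a.get("height", "").strip()
            tiny = width in ("0", "1") or height in ("0", "1")
            if tiny or _HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append(("hidden_iframe", a.get("src", "")))
        elif tag == "script":
            # HTMLParser hands the script body to handle_data as raw text.
            self._in_script = True
            self._script_buf = []

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            match = _OBFUSCATION.search("".join(self._script_buf))
            if match:
                self.findings.append(("obfuscated_script", match.group(0)))


def scan_html(html):
    """Return the list of findings for one HTML document (empty if none)."""
    parser = DriveByScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_HTML):
        print(f"{kind}: {detail}")
```

The checks are deliberately narrow: a zero-size or off-screen iframe and a script that calls `eval` on decoded data are both legitimate in rare cases, so treat a finding as a reason to look closer at that element rather than as proof of compromise.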

Common Malicious File Types for Drive-by Download Attacks

Not all drive-by download attacks look to install a nasty piece of malware on your system. Having anything unexpectedly installed on your computer is worrying, without a doubt. However, not all malicious files are cut from the same cloth.

  • Potentially Unwanted Program (PUP): A PUP, sometimes referred to as a Potentially Unwanted Application (PUA), isn't necessarily a malicious file. Most likely, a PUP is adware, serving up extra adverts where they shouldn't appear. This isn't a catchall, though, and some PUPs do have slightly more malicious intentions. Furthermore, despite their low level of danger, you don't want something interfering with your system or browser, period.
  • Malware: Software with a specific malicious purpose, such as a Trojan that allows backdoor access to a system or an exploit kit that can install other malware types.

Finding malware on your system is far more alarming than a PUP. Furthermore, it is significantly easier to remove a PUP from your system than "proper" malware.

[Image: Malwarebytes PUP detection and removal]

Most PUPs are easily removed using your computer's integrated antivirus program or a third-party tool, such as Malwarebytes.

How to Protect Against Drive-by Download Attacks

The very name of the attack makes it sound like it is difficult to protect against. It's a drive-by, after all, and it targets anyone who launches the compromised website.

However, there are seven things you can do to stop a drive-by download from hitting your computer.

  1. Keep your computer up to date. When an update is available, install it.
  2. Keep your browser updated. Also, consider removing any excess browser extensions. Not only do they slow your browser down, but outdated browser extensions can cause security issues.
  3. Use an antivirus tool. You have a couple of options here. You can download and install a third-party antivirus tool or use the integrated antivirus tool on your computer. Windows and macOS both have default antivirus programs. While Linux is much safer, you can always opt for a free Linux antivirus tool for extra security.
  4. Consider an antimalware tool, like Malwarebytes. The free version of Malwarebytes is a scan-and-remove tool, but the premium version offers real-time protection.
  5. Be careful which websites you visit. The websites you visit make a difference in your exposure to drive-by downloads. As mentioned earlier, major sites are lucrative targets but can be difficult to exploit. At the same time, a website showing an illegal sports stream is much more likely to be easy to exploit. Try to avoid sites that may serve illegal content, though this is far from a guarantee.
  6. Check links before clicking. Did you know there are several ways you can inspect a link before clicking it?
  7. Use a script blocker. Script-blocking extensions for your browser can stop some drive-by download exploits from running on your system. However, some script-blocking tools can have unintended consequences, such as breaking parts of other websites, so using one is a bit of a balancing act.
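Step 6 says to inspect a link before clicking it. The following is an added example, not code from the original article, of the offline checks a cautious user, or a mail or web filter, can run on a link: an unusual scheme, credentials or an "@" before the host, a known URL shortener that hides the destination, a raw IP address in place of a domain, a punycode (`xn--`) host that may imitate another, a link that points straight at an executable file, and link text that names a different domain from the one the link actually goes to. The shortener list, the sample links and the `.example` and documentation-range hosts are constructed for the demonstration.

```python
"""Added example: offline checks to run on a link before following it.
The shortener list is illustrative, not exhaustive, and every sample
link below is constructed for this demo."""
from urllib.parse import urlsplit
import ipaddress

# Assumption: treat links to these well-known shortening services as opaque
# until expanded, because the real destination is not visible in the URL.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl"}
# File types that run as programs when opened on a typical desktop.
RISKY_EXTENSIONS = (".exe", ".scr", ".msi", ".bat", ".cmd", ".js", ".vbs", ".jar", ".hta")


def _host_of(url):
    """Lower-cased host name of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def inspect_link(href, shown_text=""):
    """Return a list of warning strings for a link; an empty list means no
    indicator fired. shown_text is the visible anchor text, if any."""
    warnings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()

    if parts.scheme not in ("http", "https"):
        warnings.append(f"unusual scheme: {parts.scheme or '(none)'}")
    if parts.username is not None:
        # Everything before '@' is user info; the real host comes after it.
        warnings.append("'@' in URL: the text before it is not the host")
    if host in SHORTENERS:
        warnings.append("shortened link hides the destination; expand it first")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    if "xn--" in host:
        warnings.append("punycode host may be a look-alike domain")
    if parts.path.lower().endswith(RISKY_EXTENSIONS):
        warnings.append("link points directly at an executable file")

    # If the visible text looks like a URL, its host should match the real one.
    shown_host = _host_of(shown_text.strip()) if "://" in shown_text else ""
    if shown_host and shown_host != host:
        warnings.append(f"link text shows {shown_host} but link goes to {host}")
    return warnings


if __name__ == "__main__":
    # Constructed samples; 198.51.100.7 is from the documentation address range.
    samples = [
        ("https://www.example.com/article", "Read more"),
        ("https://bit.ly/abc123", "https://bit.ly/abc123"),
        ("http://www.bank.example@198.51.100.7/login.exe", "https://www.bank.example/"),
    ]
    for href, text in samples:
        print(href, "->", inspect_link(href, text) or ["no indicators"])
```

None of these indicators is proof of a drive-by download on its own; shorteners and raw IP addresses have legitimate uses. The value is in stacking them: a link whose visible text names one site, whose URL carries an "@", and which resolves to a bare IP address and an executable file trips several at once, and that combination is what should stop you from clicking.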

Don't Get Caught Out by a Drive-by Download

Now that you know the signs of a drive-by download attack and the reasons behind it, you'll be better prepared to avoid one in the future.

Remember, keeping your system and applications up to date really does help!