What Are Drive-by Downloads? Why You Should Be Careful

Last updated June 23, 2021
Written by:
Sydney Butler
Privacy & Security Writer

Most malware that ends up on your computer is the result of the user installing questionable software or running email attachments from unknown sources. On the other hand, a drive-by download puts software you don't want on your computer by piggybacking on otherwise legitimate software: it uses the permission you give to install an application you really want in order to tailgate onto your system.

In this short article, we will describe what a drive-by download attack is, what it looks like, and the two main variations it comes in.

The Two Types of Drive-by Download

While all drive-by downloads involve usurping your permissions for legitimate software to install unwanted software, most drive-by downloads do not involve explicit malware.

The most common form of drive-by involves attaching non-malicious software packages to the main package. Users even have the option not to install these unwanted programs. During the installation, you'll be given the option to uncheck the boxes that add these programs. The thing is, most people just click next, next, next! So they completely miss the fact that they are "consenting" to the installation of programs they don't want.

While these programs might not be malicious per se, they can disrupt your computer. This is why malware scanning software now has a category known as "PUPs" or "PUAs," that is, potentially unwanted programs and applications.

The second variant is the one that contains malicious code. The code is piggybacked onto a legitimate program, and when you OK the installation of that software, you also let the malware in.

Typical Drive-by Attacks

The more benign type of drive-by download that installs spammy, junk, or adware software on your computer can't really be classified as an "attack" in the usual sense. Indeed, it seems that when cybersecurity people use the term "Drive-by download," it's mainly the malicious variant of the technique they're referring to.

The non-malicious PUP variant exists mainly to make money from advertising clicks or to get you to use a trial version of a piece of software, hoping that you might end up liking and buying it.

That isn't very pleasant, but it's hardly the end of the world. You can get rid of these types of junk software packages by uninstalling them the usual way or, at worst, using an adware removal tool. They don't damage your data, steal your information, or otherwise do serious damage.
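One way to find bundled tag-alongs after the fact, as an added example that is not part of the original article: group installed programs into install sessions by timestamp and flag entries whose publisher differs from the first package in the session. The inventory, program names, publishers, and the five-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample inventory: (program, publisher, install time).
# All names and timestamps are made up for illustration.
SAMPLE_INVENTORY = [
    ("PhotoEdit Pro", "Acme Imaging", "2021-06-20 14:02:10"),
    ("SearchBar Helper", "AdStack Media", "2021-06-20 14:02:45"),
    ("PC Speed Booster (Trial)", "OptiSoft", "2021-06-20 14:03:30"),
    ("ArchiveTool", "Example Utilities", "2021-05-02 09:15:00"),
    ("Acme Imaging Codec Pack", "Acme Imaging", "2021-06-20 14:04:00"),
    ("Office Suite", "DocuCorp", "2021-06-21 10:00:00"),
]

# Assumed threshold: installs less than this far apart belong to one
# installer run ("next, next, next").
WINDOW = timedelta(minutes=5)


def find_bundled(inventory, window=WINDOW):
    """Return {primary_program: [tag-along programs]}.

    A session starts with the first install after a quiet gap longer than
    `window`. Later installs in the same session from a different publisher
    are reported as likely bundled extras (PUP candidates to review).
    """
    rows = sorted(
        (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), name, publisher)
        for name, publisher, ts in inventory
    )
    bundled = {}
    primary = None    # (name, publisher) of the session's first install
    last_time = None  # timestamp of the previous install
    for when, name, publisher in rows:
        if primary is None or when - last_time > window:
            primary = (name, publisher)  # quiet gap: new install session
        elif publisher != primary[1]:
            bundled.setdefault(primary[0], []).append(name)
        last_time = when
    return bundled


if __name__ == "__main__":
    for main_app, extras in find_bundled(SAMPLE_INVENTORY).items():
        print(f"{main_app} brought along: {', '.join(extras)}")
```

This is a review heuristic, not proof: a flagged entry is a candidate to look at and uninstall if you never wanted it.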

Malicious drive-by download attacks can be devastating, especially since you've given the malicious code administrator-level permission to do its work.

These attacks can include the hijacking of your entire device, letting the malware author attach your device to a botnet or infect other devices connected to it over the network or USB. You could also be the victim of extreme spying. This includes recording you via your webcam and microphones, recording your screen, and logging all your keypresses. Some malware might hold your data to ransom, delete it, or permanently brick your device. Scary stuff!


How a Typical Drive-by Download Attack Works

There are two ways that a drive-by attack can play out. The first is where you accidentally provide permission to the malicious code by performing some sort of action. You're clicking on a button that tells your operating system or web browser that the software should have elevated permissions.

Don't feel too bad. The actual message you read on the popup probably has nothing to do with the actual malware. It's usually a button to take part in a fake giveaway, or it's a scareware-style message saying (ironically) that you have malware or something along those lines. That isn't good, but you can avoid it by simply not clicking on these notifications. With a bit of experience, they become more obvious.

The really scary drive-by is one that happens silently. For example, by simply visiting a compromised site, your system could be infected. This second method does rely on exploiting security vulnerabilities in your browser or operating system.

So it's not a given that anyone visiting a compromised site will be infected. However, for the malware author, it's worth it to only infect the few machines in the wild that still have a particular vulnerability. Of course, a zero-day exploit is the jackpot since it's likely to infect every machine that visits a given site.

Preventing Drive-by Downloads

Now that we know what a drive-by download attack is, it's time to talk about how you can prevent it from happening in the first place. Many of these tips are, of course, good for all types of malware, but these should help make it less likely you'll fall victim:

That's the least you need to know! Be careful out there and cool it on the reckless software downloads and visits to the dark side of the web. If you really want to check out the back alleys of the internet, consider doing it from inside a disposable virtual machine!


