// THREAT DETECTION AND DATA PRIVACY TERM

Drive-By Download

A drive-by download is the automatic download of malicious software onto your computer or device without your permission, often triggered just by visiting a compromised website. It exploits vulnerabilities in your web browser or its plugins to install malware.

TECHNICAL DEFINITION

A drive-by download is a cybersecurity attack mechanism in which malware, often ransomware or spyware, is covertly downloaded and installed onto a user's system by exploiting web browser or plugin vulnerabilities (e.g., ActiveX, Java, Flash) without the user's explicit consent or knowledge, typically upon visiting a malicious or compromised website. This type of attack leverages exploit kits to deliver the payload silently, posing a significant threat to endpoint security.

BACKGROUND

A cyberattack occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content.

SYNONYMS & ALIASES

  • Silent download
  • Involuntary download
  • Automatic malware download
  • Browser exploit download

USAGE NOTE

This term is commonly used in discussions about browser-based exploits and web-borne malware delivery methods, emphasizing the lack of user interaction.

DEVELOPERS

Organizations developing technology related to Drive-By Download.

  • CrowdStrike

    CrowdStrike provides endpoint protection and threat intelligence platforms that detect and prevent exploits and malware often delivered through drive-by downloads by analyzing behavioral patterns and indicators of attack in real time.

  • Palo Alto Networks

    Palo Alto Networks offers next-generation firewalls and the Cortex XDR platform, which provide advanced threat prevention, URL filtering, and exploit prevention capabilities to block malicious websites and the download of unwanted software characteristic of drive-by attacks.

  • Zscaler

    Zscaler's cloud-native security platform acts as a secure web gateway, inspecting all internet traffic in real time to detect and block malicious content, exploit kits, and other threats associated with drive-by downloads before they reach user endpoints.

  • Sophos

    Sophos develops endpoint and network security solutions, including Intercept X, which features exploit prevention, anti-ransomware, and deep learning AI to protect against the stealthy techniques and payloads used in drive-by downloads.

  • Microsoft

    Microsoft provides comprehensive cybersecurity through Microsoft Defender for Endpoint and browser security features in Microsoft Edge, which actively detect and block malicious scripts, exploits, and unwanted file downloads originating from compromised or malicious websites.

  • Fortinet

    Fortinet offers a broad range of cybersecurity solutions, including FortiGate next-generation firewalls, FortiClient endpoint protection, and FortiSandbox, which collectively provide multi-layered defense against web-based threats and zero-day exploits utilized in drive-by download attacks.

  • Check Point Software Technologies

    Check Point develops network, cloud, and endpoint security solutions, offering advanced threat prevention, URL filtering, intrusion prevention, and sandboxing capabilities to detect and block malicious content and exploits used in drive-by downloads.
