Drive-by download
From Wikipedia, the free encyclopedia
Drive-by download means three things, each concerning the unintended download of computer software from the Internet:
[*]Downloads which a person authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet).
[*]Any download that happens without a person's knowledge.
[*]Download of spyware, a computer virus or any kind of malware that happens without a person's knowledge.
Drive-by downloads may happen when visiting a website, viewing an e-mail message or by clicking on a deceptive pop-up window:[1] by clicking on the window in the mistaken belief that, for instance, an error report from the computer itself is being acknowledged, or that an innocuous advertisement pop-up is being dismissed. In such cases, the "supplier" may claim that the person "consented" to the download although actually unaware of having started an unwanted or malicious software download. Websites that exploit the Windows Metafile vulnerability (eliminated by a Windows update of 5 January 2006) may provide examples of drive-by downloads of this sort.
G Data explained another situation: all major web browsers request a favicon at a web page. If this file is not existent, a custom HTTP 404 (not found) page can download a trojan horse.[2]
A drive-by install (or installation) is a similar event. It refers to installation rather than download (though sometimes the two terms are used interchangeably).