What is a drive-by download?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
You click a link in an email. The page loads. You don't click anything, don't download anything, don't fill out any forms. But your computer is now infected.
That's a drive-by download. The name describes exactly what happens: malware installs while you're just "driving by". Visiting the page. The attack works by exploiting vulnerabilities in your browser, browser plugins (PDF readers, media players), or operating system. When the malicious page loads, exploit code runs automatically, finds a vulnerability, and installs malware before you've done anything beyond visiting.
The email connection: phishing emails are often just the delivery mechanism to get you to the exploit page. The email itself is harmless. It's the link destination that does the damage.
What makes these attacks particularly effective is that the victim does nothing obviously wrong. Unlike opening a suspicious attachment, visiting a webpage feels routine and safe. (Which is exactly why attackers use this approach.)
The main defenses: keep browsers and plugins updated (most exploits target known vulnerabilities that patches already fix), use email security tools that scan links before they resolve, and train your team to avoid clicking unexpected links even from recognizable addresses. If you're worried your email links might be getting checked for malicious content, our email header analyzer can help inspect what's happening to your messages in transit.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.