What is it?

Drive-by downloads occur when a cyber criminal injects malicious code onto a website, and then attempts to entice computer users to visit theinfected page in an attempt to install malware on their PCs.

How does it work?

Cyber criminals create malicious code designed to install their malwareand select a suitable website to host the attack. Finally, they injectthe malicious code into the relevant pages and wait for innocent websurfers to visit.

If the victim’s machine is not running up-to-date IT security softwareand patches, the ensuing exploit attack will likely succeed, and malwarewill be installed.

Should I be worried?

Drive-by downloads present a simple and highly effective way to drawdetails from users’ PCs. A growing number of criminals are alsoinjecting malicious code on to legitimate web pages, compromising thesesites.

How can I prevent it?

There are simple steps to defend against this kind of attack, no matterwhat type of website is hosting it. Consider deploying web securitysolutions that filter based on website categorisation and properlyinspect the code of every website before granting access. It is alsoimportant to ensure that browser applications are fully patched.