What is it?
Drive-by downloads occur when a cyber criminal injects malicious code on to a website, and then attempts to entice computer users to visit the infected page in an attempt to install malware on their PCs.
How does it work?
Cyber criminals create malicious code designed to install their malware and select a suitable website to host the attack. Finally, they inject the malicious code into the relevant pages and wait for innocent web surfers to visit.
If the victim's machine is not running up-to-date IT security software and patches, the ensuing exploit attack will likely succeed, and malware will be installed.
Should I be worried?
Drive-by downloads present a simple and highly effective way to draw details from users' PCs. A growing number of criminals are also injecting malicious code on to legitimate web pages, compromising these sites.
How can I prevent it?
There are simple steps to defend against this kind of attack, no matter what type of website is hosting it. Consider deploying web security solutions that filter based on website categorisation and properly inspect the code of every website before granting access. It is also important to ensure that browser applications are fully patched.