What is a drive-by download?

Featured image

Share this article

What is a drive by download - Paubox

A drive-by download is the unintentional download of malicious code onto a device. Designed to trick users into visiting a compromised website, drive-by download attacks give hackers an opportunity to gain remote control of a system, steal credentials, and destroy important data. 

With the remote work landscape leaving organizations more vulnerable to cybersecurity risks, now is a critical time to stay alert of this common threat. Keep reading to learn how drive-by downloads work and some key strategies for reducing your chance of exposure. 

SEE ALSO: Cybersecurity challenges of remote working

What is a drive-by download? 

A drive-by download is any automatic installation of software that occurs without a user’s knowledge. While authorized downloads require some level of interaction such as pressing “download” or clicking a link, unauthorized types are launched solely from visiting an infected web page. This means that the download will occur immediately with no initial prompts or warnings. 

Cybercriminals can leverage drive-by downloads to upload a series of harmful applications to a device. This may include botnets that spread spam, ransomware with data-encryption capabilities, and keyloggers that enable access to passwords and other sources of private information. 

Where do drive-by downloads come from? 

Hackers often trick users into visiting a compromised web page by incorporating malicious links and attachments into seemingly legitimate sites. They can also be hidden in authentic-looking emails, social media posts, and text messages. Once clicked, the attack can occur straight from the website itself or indirectly through malvertising.

Additionally, drive-by downloads may arrive in the form of a deceitful computer program. In these cases, users can be misled into moving forward with an illegitimate virus scan or consenting to a system update. In reality, they are falling victim to a Trojan or other type of malware.

How to prevent an attack 

Most drive-by downloads are accomplished by taking advantage of security flaws such as out-of-date browsers, old operating systems, and unpatched plugins. Therefore, the best line of defense is making regular updates a top priority. Additional protective measures include: 

  • Eliminate any unnecessary apps, add-ons, and software from your computer. 
  • Avoid navigating unfamiliar and non-reputable websites including file-sharing pages and platforms that serve pirated content. 
  • Before agreeing to a security pop-up, keep an eye out for grainy images, spelling errors, and other suspicious indicators.
  • When in doubt, hover over URLs in emails to check for inconsistencies between the text and the link.
  • Install a firewall to actively monitor for potential threats. 
  • Use an ad-blocker to lower the risk of an advertising-based attack. 

Stay proactive with Paubox 

While browsers are continuing to implement new protections against drive-by downloads, cybercriminals are also steadily advancing their methods and finding different ways to outsmart systems. Mindful browsing is a smart first move to safeguard your information, but strong email security is a crucial next step. 

Built to send HIPAA compliant email by default, Paubox Email Suite offers automatic email encryption to proactively defend your data from cyberattacks. With email serving as a common entry point to a drive-by download, our Plus and Premium plan levels also feature inbound email security tools that help stop threats at the source. 

Our patent-pending feature Zero Trust Email leverages email AI to create a strict identity verification process to confirm the authenticity of a message, while our patented ExecProtect feature intercepts display name spoofing attempts before they even arrive in your inbox. 

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Sara Uzer

Read more by Sara Uzer

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022