Drive-by download, also known as a drive-by exploit, refers to malware that is
installed on your computer simply by visiting Internet pages that are infected
with this type of threat. No interaction is required; this malware sits in the
HTML code of the infected pages itself, and merely loading them in your web
browser is enough to infect your computer.
http://aprenderinternet.about.com/od/Glosario/
This threat refers to the
injection of malicious code in HTML code of websites that exploits
vulnerabilities in user web browsers. Also known as drive-by download attacks, these
attacks target software residing in Internet user computers (web browser,
browser plug-ins and operating system) and infect them automatically when
visiting a drive-by download website, without any user interaction.
ENISA Threat Landscape [Deliverable – 2012-09-28]
In a Drive-by-Download
attack, the web application is tampered with (i.e. injected with HTML code) so
that it instructs a visitor’s browser to download malware located on an
attacker-controlled server. Most often, tampering is not visually apparent to
visitors, thus innocent victims are unaware of the background download operation.
If any warning appears, it is usually dismissed since victims believe it to be part of
the original application. The malware is usually Trojan horse software that
takes control of the victim’s machine, making it part of a larger botnet.
http://www.imperva.com/resources/glossary/glossary.html
Description of a series of
events culminating in the delivery of malware without the end user being aware.
A "Drive-by-Download" begins with a user visiting a website that
hosts an Exploit which then compromises the user's web browser. Once the end
user's system has been "owned", the exploit makes a call to download
the malware. One commonly overlooked aspect of "Drive-by downloads"
is that they require a vulnerable web browser to be compromised by an exploit.
Any security solution that stops the exploit will prevent the malware from
being downloaded.
https://www.nsslabs.com/reports/threat-definitions
Software, often malware,
downloaded onto a computer from the Internet without the user’s knowledge or
permission.
Cybersecurity for Dummies, Palo Alto Networks Edition, 2014