Tuesday, December 4, 2007

drive-by download

drive-by download noun [C] /dravba danld/

when programs are installed on an online computer without the user’s knowledge

drive-by downloading noun [U]

“Most users have no idea such a drive-by download has taken place, even as these Trojan horses surreptitiously log their banking passwords or other private information...”
Trading Markets 21st November 2007

Drive-by downloading has also become a huge issue, as the bad guys are now putting stuff on reputable Web sites… It's not good enough to evade dodgy Web sites anymore, as you can automatically download malware by visiting any number of good Web sites.”
ITWeb 31st October 2007


If you’re thinking of doing the majority of your Christmas shopping from the comfort of your home computer, then beware of one of the latest threats posed by cybercriminals: the drive-by download.

A drive-by download occurs when a user inadvertently allows the transfer of information onto their computer, without being asked, and often in complete ignorance that the download occurred. The type of information transferred is typically what is referred to as spyware, software that secretly gathers information about a person, or malware, malicious software which interferes with normal computer functions and can also send personal data about the user to unauthorized parties.

Drive-by downloads can occur by simply visiting a website or reading an e-mail, but are more often triggered by clicking on a deceptive pop-up window, which may look like some kind of harmless advertisement, or an error report from the user’s own computer. They are often contained in those parts of a website not controlled or maintained by the website’s owner, such as banner advertisements, or other (web) widgets, which are small programs used to display things like ads, calendars or web traffic counters.

With recent research suggesting that as many as 600,000 new bits of malware are likely to be released in a year, the risk of succumbing to drive-by downloading is a major concern for Internet users. A recent survey undertaken by Internet search company Google Inc, revealed that as many as 1 in 10 websites were acting as hosts for malware.

Background
The expression drive-by download has been around since about 2002, though it has gained currency more recently in the context of increasing concern about escalating problems with Internet security and Internet-based identity fraud. An alternative term used in the same context is drive-by install/installation.

The core meaning of the adjective drive-by is ‘carried out from a passing vehicle’, as in a drive-by shooting, also sometimes abbreviated to simply ‘a drive-by’. The expression drive-by download therefore presumably takes inspiration from this idea of springing a criminal act on someone before they have chance to defend themselves. Drive-by downloads are similarly sometimes referred to as drive-bys.

The adjective drive-by also occurs more figuratively to describe something performed very quickly and with a lack of care. In the UK, for instance, a drive-by valuation is an assessment of the value of a house or other building by simply looking quickly at the outside of it (and is in fact often conducted from a passing car).

No comments: