Drive-by attacks (Drive-by downloads)Drive-by attacks (Drive-by downloads)
In a drive-by, an attacker adds “bad” code (red box in the drawing) that infects the homepage of a web site.[1]
When you visit an infected site, you don’t notice anything unusual, but your browser may download and install the “bad” software. This software may enlist your computer in a bot-net, or it might spy on you, reading your log-in names and passwords.[2]
What’s tricky is that you’re not aware your computer has been infected, and thousands of computers can be infected in the course of a day.
[1] This is accomplished “sliently” without the knowledge of the webmaster. Usually it's javascript or a reference to a file on another server that contains the evil software.
[2] The attacker may not care about free speech—this may be entirely about economics and the value of having compromised computers that now can send out spam messages all day long. Or it could be about gaining access to your bank accounts.