A drive-by download is the covert installation of malware simply by visiting a compromised or manipulated website. The victim does not need to click or download anything — the exploit leverages vulnerabilities in the browser, plugins, or operating system.
Attackers place exploit kits on hacked websites or run malicious ads (malvertising). The visitor’s browser is automatically probed for vulnerabilities and, if successful, infected with malware. Countermeasures include up-to-date browsers and operating systems, disabled or sandboxed plugins, Content-Security-Policy headers on your own sites, and web proxy filtering with malware detection.