Drive-by downloads from the trenches

Drive-by download is a term used to describe a download that happens without the knowledge or conscious intervention of the computer user. In computer security terms, a drive-by download is usually triggered by the exploitation of a vulnerability in an Internet browser. The file that is downloaded is usually a malicious program that installs itself on the victims computer, or is an installer for another malicious program. In this paper, we describe the problem posed by drive-by downloads from different perspectives. We also explain the difficulties of dealing with drive-by infections and propose various approaches that could solve part of the problem. Drive-by downloads are a prime example of the exponential rate at which malware infection can increase on the Internet. The primary purpose of this paper is to bring the drive-by download problem to the attention of the research community, in an effort to inspire further research initiatives in this area.