If you fall victim to malware, you might hear that the vector for infection is a “driveby download.” What is a driveby download, and how does it happen?
A driveby download is when you inadvertently or mistakenly download software. It may or may not actually execute, and it may or may not leave a persistent installation behind after it executes. Whether it does either or both of these things can depend on your user account’s permissions on your computer, and also on the presence of software vulnerabilities. Driveby downloads may take advantage of vulnerabilities in your operating system or installed applications to perform a privilege escalation attack, gaining greater control over your computer than your current user account’s permissions allow.
Even if a driveby does not permanently install software, it can still cause damage. It may execute in memory only, and be used to send spam, conduct network scanning, or carry out any other activity that a normal user of the system might perform. Some malware might, for example, connect to all your network drives and enumerate files you can see while logged in, evaluating them for confidential or personal information of a certain sort, and deliver those files back to the attacker.