Drive-by download

Common types of files distributed in drive-by download attacks include computer viruses, spyware, or crimeware.

For example, the DownloadAndInstall API of the Sina ActiveX component did not properly check its parameters and allowed the downloading and execution of arbitrary files from the internet.

The second strategy involves writing shellcode to memory, and then exploiting vulnerabilities in the web browser or plugin to divert the control flow of the program to the shell code.

This often involves downloading and installing malware, but can be anything, including stealing information to send back to the attacker.

This involves monitoring the user's computer system for anomalous changes when a web page is rendered.

[3] Some antivirus tools use static signatures to match patterns of malicious scripts, although these are not very effective because of obfuscation techniques.

[4] Drive-by downloads can also be prevented from occurring by using script-blockers such as NoScript, which can easily be added into browsers such as Firefox.

However, some script-blocking tools can have unintended consequences, such as breaking parts of other websites, which can be a bit of a balancing act.