Safe Browsing & Downloads
Spot malicious downloads before they run.
What You'll Learn
- Verify software downloads by checking digital signatures and comparing file hashes to vendor-published values
- Distinguish between legitimate vendor websites and convincing lookalike download portals
- Recognize fake browser update prompts and other social engineering tactics that push malicious downloads
- Identify suspicious file extensions and naming conventions that disguise executable files as documents
- Execute the correct containment steps after accidentally opening or running a suspicious file
Training Steps
-
A Routine Wednesday
Welcome to Vertex Digital Solutions! You are Alice, a senior graphic designer who creates marketing materials for the company's clients. It's Wednesday morning and you have a tight deadline for a client presentation. You need some fresh design templates for the project, so you head to a popular free template site.
-
Browsing for Templates
Alice opens PixelVault, a free design template site she's used before. While browsing the template gallery, a notification appears in the bottom-right corner of the page. It claims her DesignSuite Pro software is critically outdated and needs an immediate security update. It looks like a legitimate software notification.
-
The Download Page
Clicking the notification opened a new page that appears to be the official DesignSuite download portal. With her deadline looming, Alice doesn't want security vulnerabilities slowing her down. She clicks the download button without thinking twice.
-
The Download Completes
The download completes quickly. A file named DesignSuite_Update_v4.2.1.exe appears in your Downloads folder. You double-click it to install the update, eager to get back to your design work.
-
The Antivirus Warning
As soon as you run the file, your antivirus software detects something suspicious. An alert appears warning that the file contains potentially malicious code. The antivirus has quarantined the file, but some initial processes may have already run.
-
A Costly Decision
Despite the antivirus warning, Alice convinces herself it was just a false positive. She's under deadline pressure and doesn't want to spend time calling IT over what she thinks is nothing. She dismisses the notification and goes back to her design work.
-
Something's Wrong
Thirty minutes later, Alice's inbox chimes with an automated security alert from Vertex Digital's monitoring system. Someone has logged into her company account from an unfamiliar location. The Trojan stole her credentials before the antivirus could quarantine it.
-
Realizing the Mistake
Alice feels a chill run down her spine. The antivirus warning wasn't a false positive - it was real. The Trojan managed to steal her credentials and send them to the attacker before it was quarantined. The notification on PixelVault was a malvertising banner, a fake ad designed to look like a legitimate software alert. If only she had reported the antivirus warning immediately instead of dismissing it. Looking back at the download page, several warning signs become clear.
-
The Fake Domain
The domain itself is another major red flag.
-
File Extension Warning
The file extension is another critical indicator. .EXE files are executable programs - they can run code on your computer with your permissions. Legitimate software updates are typically:
- Downloaded directly from official app stores or vendor websites
- Delivered through the application's built-in update mechanism
- Signed by the software publisher (shown in Windows UAC prompt)
Downloading and running .EXE files from unknown sources is extremely dangerous.
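
The signature and hash checks named above can be run before a downloaded installer is ever double-clicked. The PowerShell function below is an added example, not part of the original training material; the function name Test-DownloadedInstaller and the publisher value in the usage line are hypothetical placeholders, and the expected publisher and SHA-256 are assumed to come from the vendor's official site.

```powershell
# Added example. -ExpectedPublisher and -ExpectedSha256 are values you obtain
# from the vendor's official site, never from the page that served the download.
function Test-DownloadedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher,
        [string] $ExpectedSha256
    )

    $file     = Get-Item -LiteralPath $Path -ErrorAction Stop
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Authenticode signature must be valid and name the expected publisher.
    $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $signer = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    }
    if ($sig.Status -ne 'Valid') {
        $findings.Add("Signature status: $($sig.Status)")
    } elseif ($signer -ne $ExpectedPublisher) {
        $findings.Add("Signed by '$signer', expected '$ExpectedPublisher'")
    }

    # 2. SHA-256 must equal the vendor-published value, when one is available.
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and $sha256 -ne $ExpectedSha256.Trim()) {
        $findings.Add('SHA-256 does not match the vendor-published hash')
    }

    # 3. Mark of the Web: the download URL, if the browser recorded it (Windows, NTFS).
    $motw   = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $origin = $motw | Where-Object { $_ -like 'HostUrl=*' }

    [pscustomobject]@{
        File         = $file.Name
        Signer       = $signer
        Sha256       = $sha256
        Origin       = $origin
        ChecksPassed = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

# Constructed usage: file name from the scenario, publisher name is a placeholder.
Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\DesignSuite_Update_v4.2.1.exe" `
    -ExpectedPublisher 'EXAMPLE-PUBLISHER-NAME'
```

A result with ChecksPassed set to False, or an Origin line that does not point at the vendor's own domain, is a reason to stop and report the file rather than run it.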