Ethical Hacking Essentials Practice Test

Drive-by downloads refer to a malicious technique where malware is automatically downloaded to a user's device upon visiting an infected or compromised webpage, without the user being aware of the action. This technique often exploits vulnerabilities in web browsers or their plugins, making it a significant threat.

When a user unknowingly visits such a webpage, it can evaluate the user's system for potential vulnerabilities and subsequently execute code that downloads and installs malware instantly. Users typically do not need to click on anything; the compromise occurs simply by loading the webpage, which is what makes this tactic particularly insidious.

In contrast, phishing attacks generally require the victim to interact with a deceptive email or message, persuading them to reveal sensitive information or download harmful files. SQL injection involves injecting malicious SQL queries into an application, exploiting a vulnerability in a database, which is distinct from direct downloads upon webpage access. Cross-site scripting (XSS) allows attackers to inject malicious scripts into web applications viewed by users but does not inherently involve immediate downloads upon visiting a webpage.

Thus, the characteristics of drive-by downloads are specifically tailored for the scenario in which malware is downloaded simply by visiting a compromised site, making it the correct choice.