We can trace the roots of drive-by downloads back to 1996 and the introduction of ActiveX controls in IE 3
These controls enabled automatic downloads, and so also enabled the bad guys to equip themselves with yet another malware distribution route. Not that I can actually say there were drive-by downloads – as we know them today – happening back in 1996, at least not recorded as such. I’m pretty sure that the IE3 ActiveX controls were the catalyst, and can recall speaking to some hackers at the time who were more than a little excited about the potential of the technology as a malware distribution methodology.
But if IE3 was the catalyst, the true tipping point into the big time of cybercrime would have to wait for 10 years and the release of the first web exploit kits – such as MPack and WebAttacker – in 2006. These kits bundled together the various scripts and tools needed to launch drive-by attacks without requiring the attacker to be an expert hacker. By making it easier to carry out such an attack, popularity was guaranteed; and popular they soon became. Web exploit kits continue to evolve, but the presence of the drive-by download at the core of the bulk of attacks remains to this day. However, the main difference is that they are now even easier to use, thanks to integrated interfaces and even licensed support. They are also cheap and, if you know where to look, plentiful. The end result is a steady stream of victims whose computers and networks are infected with malware through stealthy means.