A drive-by-download attack happens when a user visits a website, which installs malware without requiring any interaction on their part. A drive-by attacker will embed malicious code on a website. Upon entering the website, the malware will scan your PC for vulnerabilities then implant an exploit kit inside it. More often than not, the website owner is not to blame for these attacks.
The best way to defend yourself from drive-by-download attacks is to frequently update your software and operating system, remove plugins and other software that you don’t need and use a reliable antivirus.