Wednesday, 2 February 2011

Drive by Download attacks


Users browsing web sites are asked to install certain ActiveX applications for better viewing of the site. Unsuspecting users click "YES", which results in the installation of malware, spyware and the like. This process is called a "drive-by download" attack.

Spyware vendors frequently use automated installations of ActiveX controls (a special kind of plug-in program for Microsoft's Internet Explorer web browser) to distribute their software via web sites. These automated installations are initiated when web surfers land on pages that include HTML code to start the download and installation process. These installations may also be initiated by pop-ups spawned by web pages that users visit. As these installations are initiated by web sites and not users, many consumers refer to these automated installations as "drive-by-downloads." Web users often find these "drive-by-downloads" confusing and disorienting, and it is little wonder that many of them would carelessly click through pop-ups on web sites with very little understanding of the programs they are in fact allowing to be installed on their PCs.
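A defender's view of the "HTML code to start the download and installation process" described above, as an added example that is not from the original post: a Python scan for `<object>` tags whose `classid` names an ActiveX control and whose `codebase` attribute tells Internet Explorer where to fetch it. The sample page, its URLs and the CLSIDs are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page: placeholder CLSIDs and example.* hosts, not real controls.
SAMPLE_URL = "http://www.example.com/index.html"
SAMPLE_PAGE = """<html><body>
<object classid="clsid:00000000-0000-0000-0000-000000000000"
        codebase="http://downloads.example.net/viewer.cab#version=1,0,0,0"></object>
<object data="movie.swf" type="application/x-shockwave-flash"></object>
<OBJECT CLASSID="CLSID:11111111-1111-1111-1111-111111111111"
        CODEBASE="/controls/local.cab"></OBJECT>
</body></html>"""


class ActiveXInstallFinder(HTMLParser):
    """Collect <object> tags that make IE download and install a control."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        attr = {name: (value or "") for name, value in attrs}
        classid, codebase = attr.get("classid", ""), attr.get("codebase", "")
        # classid="clsid:..." names an ActiveX control; codebase is where IE
        # fetches the installer from when the control is not yet present.
        if not classid.lower().startswith("clsid:") or not codebase:
            return
        source = urljoin(self.page_url, codebase)
        page_host = urlparse(self.page_url).hostname
        self.findings.append({
            "clsid": classid[6:].upper(),
            "source": source,
            # An installer hosted off-site is the pattern worth a closer look.
            "third_party": urlparse(source).hostname != page_host,
        })


def find_activex_installs(html, page_url):
    """Return one finding per install-triggering <object> tag in the page."""
    finder = ActiveXInstallFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for finding in find_activex_installs(SAMPLE_PAGE, SAMPLE_URL):
        print(finding)
```

The Flash-style `<object>` in the sample is ignored because it carries no `classid`/`codebase` pair; only the two tags that would trigger an install prompt are reported.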

 

This link gives a very good explanation of this process: http://www.spywarewarrior.com/uiuc/dbd-anatomy.htm