Exploit Kit: What it is, how drive-by attacks work, and how to block them

Exploit Kit

What it is

An exploit kit is a malicious toolkit on a booby-trapped or hacked website. When you land there, it quietly checks your browser and plugins for known bugs and, if it finds one, uses it to install malware - ransomware, trojans, keyloggers, you name it.

How it works 

  • Lure: ads, search results, or redirects send you to a hidden landing page.

  • Fingerprint: the kit profiles your browser/OS to pick the best exploit.

  • Exploit: it triggers a vulnerability (browser, PDF reader, media codec, etc.).

  • Payload: drops and runs malware - often without a single click.

What you might notice

  • Sudden redirects or a page that loads, pauses, then crashes

  • The browser freezes and a new file appears in Downloads

  • Security tool alerts right after visiting an unfamiliar site

If you suspect exposure 

  1. Disconnect from the internet to stop follow-on downloads.

  2. Run a full anti-malware scan; quarantine, reboot, and scan again.

  3. Clear downloads/cache and remove shady extensions.

  4. Update your browser, OS, and common runtimes immediately.

Prevent it

  • Keep browsers/OS auto-updated; retire legacy plugins and toolbars.

  • Install software only from official sources; avoid “free” codec/update prompts.

  • Use DNS filtering and a reputable EDR/anti-malware.

  • Consider browser isolation/sandboxing for unknown links.

  • For teams: enable web filtering/WAF, block known bad domains, and run least-privilege endpoints.
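For teams that collect web proxy logs, the redirect-then-download pattern described above can be hunted for directly. The following is an added example, not part of the original article: the log format, field order, thresholds, and sample lines are all constructed assumptions, and it presumes the proxy records the HTTP status and content type of each response.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample lines: epoch_seconds client_ip status content_type url
SAMPLE_LOG = """\
1700000000 10.0.0.5 302 text/html http://ads.example.net/click?id=1
1700000001 10.0.0.5 302 text/html http://gate.example.org/r
1700000002 10.0.0.5 200 text/html http://landing.example.com/index.html
1700000004 10.0.0.5 200 application/x-msdownload http://landing.example.com/a.bin
1700000000 10.0.0.9 200 text/html http://intranet.example.com/home
1700000300 10.0.0.9 200 application/x-msdownload http://vendor.example.com/setup.exe
"""

EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec"}
REDIRECT_CODES = {301, 302, 303, 307, 308}
WINDOW_SECONDS = 10      # assumed: redirects and download happen close together
MIN_REDIRECT_HOSTS = 2   # assumed: a chain crosses at least two distinct hosts

def parse(log_text):
    """Yield (ts, client, status, content_type, url); skip malformed lines."""
    for line in log_text.splitlines():
        try:
            ts, client, status, ctype, url = line.split(maxsplit=4)
            yield int(ts), client, int(status), ctype.lower(), url
        except ValueError:
            continue

def find_drive_by_candidates(log_text):
    """Flag executable downloads that follow a multi-host redirect chain."""
    by_client = defaultdict(list)
    for event in sorted(parse(log_text)):
        by_client[event[1]].append(event)
    alerts = []
    for client, events in by_client.items():
        for ts, _, status, ctype, url in events:
            if status != 200 or ctype not in EXECUTABLE_TYPES:
                continue
            # Hosts that redirected this client shortly before the download
            hosts = {urlparse(u).hostname for t, _, s, _, u in events
                     if s in REDIRECT_CODES and 0 <= ts - t <= WINDOW_SECONDS}
            hosts.discard(None)
            if len(hosts) >= MIN_REDIRECT_HOSTS:
                alerts.append({"client": client, "download": url,
                               "redirect_hosts": sorted(hosts)})
    return alerts

if __name__ == "__main__":
    for alert in find_drive_by_candidates(SAMPLE_LOG):
        print(alert)
```

A hit is a lead for the steps under "If you suspect exposure", not proof of infection; tune the window and host count to your own traffic before alerting on it.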
