A drive-by download occurs when a user inadvertently downloads malicious software onto their device simply by visiting a compromised or malicious website. This type of attack exploits vulnerabilities in web browsers, plugins, or operating systems, often without any user interaction or knowledge.