Drive-by downloads can occur on both legitimate and malicious websites. For example, if a hacker gains access to a trusted website, he can install code on webpages that will initiate automatic downloads on visitors' computers. Malicious websites, such as those used in phishing and pharming activities, may intentionally download malware on users computers.
While drive-by downloads happen automatically, it is rare that the an executable file will run without your permission. This is because most browsers notify you when a file has been downloaded and will not open downloaded files automatically. Therefore, you can prevent damage from drive-by downloads by simply not opening unknown files downloaded by your web browser.