Drive-by-Download Mechanisms and Defenses
    Abstract:

    Drive-by-Download is a Web-based attack that aims to download and execute malware on the client side without the user's notice or consent. It usually uses HTML elements (e.g. JavaScript, VBScript, CSS) as attack vectors and exploits vulnerabilities in browsers and plugins to launch attacks. A Drive-by-Download takes the form of an HTML page or a group of inline-linked HTML pages/scripts. After browsing these pages, vulnerable clients automatically download and execute malware. Through this pull-based attack mode, Drive-by-Download can spread malware to clients effectively and covertly, and it has become an important way to spread malware. In recent years, both the offensive and defensive sides have continued to develop. This paper first introduces the mechanisms and features of Drive-by-Download. It then summarizes and discusses research on the detection, analysis and prevention of Drive-by-Download. Finally, it discusses trends in Drive-by-Download and some possible research directions.

Citation: Zhang Huilin, Zou Wei, Han Xinhui. Drive-by-Download Mechanisms and Defenses. Journal of Software, 2013, 24(4): 843-858

History
  • Received: March 23, 2012
  • Revised: July 23, 2012
  • Online: March 26, 2013
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4