What is a "drive-by infection," and why is it more dangerous than malware you have to download?
Your machine gets infected merely by visiting a web page — no download or click required — because hidden scripts on a compromised site silently install the malware.
The attacker modifies a web page so that its active elements (scripts) automatically push malware onto the visitor's PC the moment the page loads. There's no booby-trapped attachment to open and no "Run?" prompt to ignore — just opening the page is enough.
Why it's especially nasty: the usual advice ("don't open suspicious attachments") doesn't protect you, and the site need not look shady — even legitimate websites of well-known organisations get compromised and used to serve the malware (for example, the "Gozi" e-banking trojan was once spread through a major Swiss news site). So you can be infected on a site you completely trust.
Tip: This is exactly why "Vorbeugen" (keeping your browser, plug-ins, and OS patched) matters so much — drive-by kits target known, unpatched holes in the browser, so a current system removes the very weakness they rely on.