What's the difference between a drive-by download attack and a drive-by login attack? How can you avoid a drive-by...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
login attack? Are there any ways users can protect themselves?
A drive-by download attack happens when a visitor goes to a website or reads an HTML email and malware is downloaded from the site to their system without permission or knowledge. A drive-by login attack works in the same way, but is specifically limited to an individual email or IP address, as opposed to any random visitor who stumbles upon the site. The attacker looks for and compromises a website the intended target is known to frequent, and then sets up a drive-by malware attack to execute just for the one specific target. Attackers are able to get to a specific user by inserting the malicious code into the site code where there are logic checks for a specific email or IP address that would need to be known in advance by the attacker.
In one specific drive-by malware attack, an ecommerce website, using a third-party plug-in to osCommerce, had a vulnerability that was exploited to install the malicious code. The malicious code added in the drive-by login attack to the standard exploit kit checked for vulnerable software to deliver the correct exploit. This way the malicious code was executed on -- and completely compromised -- the endpoint.
Individuals and enterprises can use the same defenses for drive-by login attacks as they currently use for defending against watering hole attacks. Using defense-in-depth security controls like robust patching, least privilege and other controls -- like sandboxes or a secure VM -- will also help protect the enterprise.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Learn how to prevent drive-by download attacks
Check out ways to adapt your enterprise security program for emerging threats
Find out if click fraud malware is hiding bigger potential threats
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks ...continue reading
How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it ...continue reading
DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.