adimas - Fotolia
What's the difference between a drive-by download attack and a drive-by login attack? How can you avoid a drive-by login attack? Are there any ways users can protect themselves?
A drive-by download attack happens when a visitor goes to a website or reads an HTML email and malware is downloaded from the site to their system without permission or knowledge. A drive-by login attack works in the same way, but is specifically limited to an individual email or IP address, as opposed to any random visitor who stumbles upon the site. The attacker looks for and compromises a website the intended target is known to frequent, and then sets up a drive-by malware attack to execute just for the one specific target. Attackers are able to get to a specific user by inserting the malicious code into the site code where there are logic checks for a specific email or IP address that would need to be known in advance by the attacker.
In one specific drive-by malware attack, an ecommerce website, using a third-party plug-in to osCommerce, had a vulnerability that was exploited to install the malicious code. The malicious code added in the drive-by login attack to the standard exploit kit checked for vulnerable software to deliver the correct exploit. This way the malicious code was executed on -- and completely compromised -- the endpoint.
Individuals and enterprises can use the same defenses for drive-by login attacks as they currently use for defending against watering hole attacks. Using defense-in-depth security controls like robust patching, least privilege and other controls -- like sandboxes or a secure VM -- will also help protect the enterprise.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Learn how to prevent drive-by download attacks
Check out ways to adapt your enterprise security program for emerging threats
Find out if click fraud malware is hiding bigger potential threats
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
A screaming channel attack is a new wireless threat making networks -- particularly those with IoT components -- vulnerable. Are there any safeguards... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.