What's the difference between a drive-by download attack and a drive-by login attack? How can you avoid a drive-by...
login attack? Are there any ways users can protect themselves?
A drive-by download attack happens when a visitor goes to a website or reads an HTML email and malware is downloaded from the site to their system without permission or knowledge. A drive-by login attack works in the same way, but is specifically limited to an individual email or IP address, as opposed to any random visitor who stumbles upon the site. The attacker looks for and compromises a website the intended target is known to frequent, and then sets up a drive-by malware attack to execute just for the one specific target. Attackers are able to get to a specific user by inserting the malicious code into the site code where there are logic checks for a specific email or IP address that would need to be known in advance by the attacker.
In one specific drive-by malware attack, an ecommerce website, using a third-party plug-in to osCommerce, had a vulnerability that was exploited to install the malicious code. The malicious code added in the drive-by login attack to the standard exploit kit checked for vulnerable software to deliver the correct exploit. This way the malicious code was executed on -- and completely compromised -- the endpoint.
Individuals and enterprises can use the same defenses for drive-by login attacks as they currently use for defending against watering hole attacks. Using defense-in-depth security controls like robust patching, least privilege and other controls -- like sandboxes or a secure VM -- will also help protect the enterprise.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Learn how to prevent drive-by download attacks
Check out ways to adapt your enterprise security program for emerging threats
Find out if click fraud malware is hiding bigger potential threats
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.