
Drive-by login vs. drive-by download attack: What's the difference?

A drive-by download attack targets everyone while a drive-by login attack gets personal. Expert Nick Lewis explains the two attacks and what can be done to stop them.

What's the difference between a drive-by download attack and a drive-by login attack? How can you avoid a drive-by login attack? Are there any ways users can protect themselves?

A drive-by download attack happens when a visitor goes to a website or reads an HTML email and malware is downloaded from the site to their system without permission or knowledge. A drive-by login attack works in the same way, but is specifically limited to an individual email or IP address, as opposed to any random visitor who stumbles upon the site. The attacker looks for and compromises a website the intended target is known to frequent, and then sets up a drive-by malware attack to execute just for the one specific target. Attackers are able to get to a specific user by inserting the malicious code into the site code where there are logic checks for a specific email or IP address that would need to be known in advance by the attacker.

In one specific drive-by malware attack, an ecommerce website, using a third-party plug-in to osCommerce, had a vulnerability that was exploited to install the malicious code. The malicious code added in the drive-by login attack to the standard exploit kit checked for vulnerable software to deliver the correct exploit. This way the malicious code was executed on -- and completely compromised -- the endpoint.

Individuals and enterprises can use the same defenses for drive-by login attacks as they currently use for defending against watering hole attacks. Using defense-in-depth security controls like robust patching, least privilege and other controls -- like sandboxes or a secure VM -- will also help protect the enterprise.
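On the site owner's side, the logic check described above can be looked for directly. The following is an added example, not code from the original article or from osCommerce: it flags PHP lines that compare a visitor's e-mail or IP address with a hard-coded value. The field names, the sample handler and its addresses are constructed assumptions.

```python
import re

# PHP request values that identify a visitor: e-mail form/session fields, client address.
IDENTITY = r"""\$_(?:POST|GET|REQUEST|SESSION|SERVER)\[\s*['"](?:[^'"]*mail[^'"]*|REMOTE_ADDR|HTTP_X_FORWARDED_FOR)['"]\s*\]"""
# A quoted, hard-coded e-mail address or IPv4 address.
LITERAL = r"""['"](?:[\w.+-]+@[\w-]+(?:\.[\w-]+)+|\d{1,3}(?:\.\d{1,3}){3})['"]"""
CMP = r"\s*[!=]==?\s*"  # ==, ===, !=, !==
CHECK = re.compile(rf"{IDENTITY}{CMP}{LITERAL}|{LITERAL}{CMP}{IDENTITY}", re.I)
# Literals that legitimate code commonly compares against (local debugging checks).
BENIGN = {"127.0.0.1"}

def find_targeted_checks(php_source):
    """Return (line_number, literal) for each identity-vs-literal comparison."""
    findings = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        for match in CHECK.finditer(line):
            # Pull the hard-coded value out of the matched comparison, without quotes.
            literal = re.search(LITERAL, match.group(0)).group(0)[1:-1]
            if literal not in BENIGN:
                findings.append((number, literal))
    return findings

# Constructed sample: a login handler with two visitor-specific branches
# (include_extra() is a hypothetical function name).
SAMPLE = r"""<?php
$email = $_POST['email_address'];
if ($_SERVER['REMOTE_ADDR'] == '127.0.0.1') { $debug = true; }
if ($email == $stored_email) { login_ok(); }
if ('198.51.100.23' === $_SERVER["REMOTE_ADDR"]) { include_extra(); }
if ($_POST['email_address'] == 'target.user@example.com') { include_extra(); }
"""

if __name__ == "__main__":
    for number, literal in find_targeted_checks(SAMPLE):
        print(f"line {number}: request identity compared with hard-coded {literal!r}")
```

This is a triage aid for code review: it only sees direct comparisons on one line, so it complements rather than replaces comparing deployed files against a known-good copy.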

This was last published in January 2016