adimas - Fotolia
What's the difference between a drive-by download attack and a drive-by login attack? How can you avoid a drive-by login attack? Are there any ways users can protect themselves?
A drive-by download attack happens when a visitor goes to a website or reads an HTML email and malware is downloaded from the site to their system without permission or knowledge. A drive-by login attack works in the same way, but is specifically limited to an individual email or IP address, as opposed to any random visitor who stumbles upon the site. The attacker looks for and compromises a website the intended target is known to frequent, and then sets up a drive-by malware attack to execute just for the one specific target. Attackers are able to get to a specific user by inserting the malicious code into the site code where there are logic checks for a specific email or IP address that would need to be known in advance by the attacker.
In one specific drive-by malware attack, an ecommerce website, using a third-party plug-in to osCommerce, had a vulnerability that was exploited to install the malicious code. The malicious code added in the drive-by login attack to the standard exploit kit checked for vulnerable software to deliver the correct exploit. This way the malicious code was executed on -- and completely compromised -- the endpoint.
Individuals and enterprises can use the same defenses for drive-by login attacks as they currently use for defending against watering hole attacks. Using defense-in-depth security controls like robust patching, least privilege and other controls -- like sandboxes or a secure VM -- will also help protect the enterprise.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Learn how to prevent drive-by download attacks
Check out ways to adapt your enterprise security program for emerging threats
Find out if click fraud malware is hiding bigger potential threats
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading