Is it called Drive-by Compromise if attacker provided his website for user to access?

Question

If the website is legitimate and the attacker exploited that legitimate website, and the attacker gains access to a victim's system that visits the website, then it is a drive-by compromise.

However, if the attacker built the website, and the attacker gains access to a victim's system that visits the website, will it be called a drive-by compromise?

Definition of drive-by compromise

No, what you are describing is called phishing. – Dan Landberg Jun 30 '21 at 14:22 — Dan Landberg, Jun 30 '21 at 14:22

score 1 · Answer 1 · answered Jun 30 '21 at 15:08

1

Both are types of Drive-By Compromise. It doesn't matter who owns the site. What matters is that the client is compromised by simply processing the malicious code delivered by the site.

answered Jun 30 '21 at 15:08

schroeder

123,438
55
284
319

Is it called Drive-by Compromise if attacker provided his website for user to access?

1 Answers1