‘Drive-by Pharming’ – A New Attack on Routers
According to Oliver Fredrichs, director, Symantec Security Response in a company press release, the recent research reveals an attack that is creating problems to millions of broadband users around the world. The drive-by pharming attacks are very easy to launch. Therefore, it is crucial that consumers protect their broadband routers and wireless access areas.
In one such attack, the captured router can send anyone to the hacker's own phishing site instead of the real site that the user intends. Despite the best preventive practices like using one's own bookmark or typing the URL, the victim ends up at the fraudulent URL. The hacker can also lead a computer, connected to the Net, to a malicious website that installs a bundle of malware on that PC.
A separate informal study from Indiana University shows, half of home brand users are vulnerable to this attack.
The obvious remedy is to change the default password of the router. Other precautions are to switch to Java applets having digital signatures and strictly restrict un-trusted, unsigned applets to access the network. Finally, ISPs can also help by allowing only those DNS traffic, which pass through their own name servers.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 26-02-2007