Web Hosting News

  Home arrow Web Hosting News arrow Page 3 - Pharming a Scary Harvest
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

Pharming a Scary Harvest
By: Terri Wells
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 2

    Table of Contents:
  • Pharming a Scary Harvest
  • Pharming in the News
  • New Worries: Drive-by Pharming
  • Protecting Yourself

  • Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article




    Pharming a Scary Harvest - New Worries: Drive-by Pharming

    (Page 3 of 4 )

    A new wrinkle in pharming has been reported by eWeek and other online news sources. It was discovered by researchers at Symantec and the Indiana University School of Infomatics. Dubbed "drive-by pharming," it is particularly scary because all a victim needs to do is view a web page to allow a hacker to make "substantive configuration changes to your home broadband router or wireless access point," according to Zulfikar Ramzan, writing in his blog on Symantec's web site. Merely from viewing the page, Ramzan explained, "attackers gain complete control over the conduit by which you surf the Web, allowing them to direct you to sites they designed (no matter what Web address you direct your Web browser to)."

    In a drive-by pharming attack, hackers create a Web page that includes malicious JavaScript code. When someone visits that page, the code, running in the context of the browser, uses a technique known as "cross site request forgery" and logs into that person's local home broadband router. Since about fifty percent of those who own such routers have never changed that password from the factory default, the login is often successful. Once logged in, the JavaScript code changes the router's settings - including the DNS server settings.

    Once this is done, the DNS resolution for the victim is controlled by the attacker. That means the hacker has complete control over which sites the victim visits. Ramzan notes that it is a combination of factors that allows this attack to succeed:

    • It's very simple in terms of what a victim needs to do to get snagged. There's no opening of email or clicking on links; all you have to do is visit the web page that hosts the code. You don't even have to click on any links once you're at the site; simply viewing it is enough.
    • It depends on people not having changed the default setting on their broadband routers - and as mentioned, many people haven't. And as you would expect, these defaults are widely available on the Internet. Sites hosting lists of routers with their default user names and passwords include http://www.routerpasswords.com/ and http://www.phenoelit.de/dpl/dpl.html
    • It won't work if you do not have JavaScript enabled in your browser - but 95 percent of Internet users do enable JavaScript, according to a formal study released by Jupitermedia Corporation in November of 2006. Indeed, with so many popular web sites using JavaScript, it's practically a necessity these days.

    While this particular attack hasn't been spotted in the wild as of yet, because of its ease it may be just a matter of time. It's important that web surfers guard against these attacks.

    More Web Hosting News Articles
    More By Terri Wells


    - FreedomPop Offering Open Wi-Fi Service
    - Go Daddy Goes to India
    - Netelligent, Savvis Add New Canadian Web Hos...
    - World IPv6 Launch Happens Today
    - IT Teams Struggle to Keep Pace with Malware
    - Lulz Security Hacks CIA, Takes Requests
    - Apple Unveils iCloud
    - Rackspace Introduces Cloud Load Balancers
    - Amazon Offers Cloud Drive, Disses Music Indu...
    - New Android.Pjapps Trojan
    - Copyright Fight over Hurt Locker Downloads I...
    - Data Reveals Many Browsers Remain Unpatched
    - PandaLabs Report - What Happens to Stolen In...
    - Safari Books Online Review
    - Hackers Targeting Human Rights Groups

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap