Pharming a Scary Harvest - New Worries: Drive-by Pharming
A new wrinkle in pharming has been reported by eWeek and other online news sources. It was discovered by researchers at Symantec and the Indiana University School of Informatics. Dubbed "drive-by pharming," it is particularly scary because all a victim needs to do is view a web page to allow a hacker to make "substantive configuration changes to your home broadband router or wireless access point," according to Zulfikar Ramzan, writing in his blog on Symantec's web site. Merely from viewing the page, Ramzan explained, "attackers gain complete control over the conduit by which you surf the Web, allowing them to direct you to sites they designed (no matter what Web address you direct your Web browser to)."
Once this is done, the DNS resolution for the victim is controlled by the attacker. That means the hacker has complete control over which sites the victim visits. Ramzan notes that it is a combination of factors that allows this attack to succeed:
- It's very simple in terms of what a victim needs to do to get snagged. There's no opening of email or clicking on links; all you have to do is visit the web page that hosts the code. You don't even have to click on any links once you're at the site; simply viewing it is enough.
- It depends on people not having changed the default settings on their broadband routers - and as mentioned, many people haven't. And as you would expect, these defaults are widely available on the Internet. Sites hosting lists of routers with their default user names and passwords include http://www.routerpasswords.com/ and http://www.phenoelit.de/dpl/dpl.html.
While this particular attack hasn't yet been spotted in the wild, it is so easy to carry out that it may be just a matter of time. It's important that web surfers guard against these attacks.
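One way to check for the DNS change described above is to audit which resolvers the machine and the router are actually set to use. This is an added example, not part of the original article; the trusted-resolver list, the sample addresses and all function names are assumptions.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to use (Quad9 here).
TRUSTED = {"9.9.9.9", "149.112.112.112"}
# Private, loopback and link-local ranges: an address here is the router
# or the machine itself, so the router's own DNS setting must be checked too.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_nameservers(text):
    """Extract nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def classify(server, trusted=TRUSTED):
    """Return 'trusted', 'local', 'unexpected' or 'invalid' for one resolver."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone
    except ValueError:
        return "invalid"
    if str(addr) in trusted:
        return "trusted"
    if any(addr.version == n.version and addr in n for n in LOCAL_NETS):
        return "local"
    return "unexpected"

def audit(resolv_conf_text, router_dns=()):
    """Classify client resolvers and the DNS servers set on the router."""
    found = [(s, "client", classify(s)) for s in parse_nameservers(resolv_conf_text)]
    found += [(s, "router", classify(s)) for s in router_dns]
    return found

def suspicious(findings):
    """Keep only resolvers that are neither trusted nor local."""
    return [f for f in findings if f[2] in ("unexpected", "invalid")]

# Constructed sample: the client points at the router; the router's DNS fields
# (copied by hand from its admin page) contain an unknown public resolver.
# 203.0.113.66 is a documentation address standing in for that resolver.
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 192.168.1.1\n"
SAMPLE_ROUTER_DNS = ["203.0.113.66", "9.9.9.9"]

if __name__ == "__main__":
    for server, where, verdict in audit(SAMPLE_RESOLV_CONF, SAMPLE_ROUTER_DNS):
        print(f"{where:7} {server:16} {verdict}")
```

A "local" verdict on the client only means queries go to the router, so the router's own DNS fields still have to be read and passed in. Changing the router's default password removes the precondition the article describes.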
More By Terri Wells