
Drive-By Pharming Attacks could be the next BIG internet threat, mainly because they can carry out the malicious exploit and still go undetected. Fortunately, you can prevent them easily.
Drive-By Pharming permits attackers to create a Web page that, simply when viewed, results in critical configuration changes to your home broadband router or wireless access point. As a result, attackers gain complete control over the ways by which you surf the Web, allowing them to direct you to sites they designed.
The attack is based on pharming, which, like phishing, is a way bad guys trick you into visiting fake web sites. Where phishing fools you-the-user, pharming fools your computer. It does this by compromising your system's access to DNS (the Domain Name System). When you type www.mybank.com, DNS translates that into the correct IP address.
But if you've been pharmed, it'll translate to the fake site's IP address, and you won't know the difference. One simple pharming attack involves tweaking the computer's HOSTS file, which overrides server-based DNS.
That's not such a biggie, because your security software protects the HOSTS file. A bad guy with physical access to your home network might change the DNS settings in the router, directing DNS requests to a black-hat server. But get real - do you let bad guys come in and use your network?
So what's the new problem? Professor Markus Jakobsson of Indiana University has done a lot of research on router vulnerabilities. Jeremiah Grossman of WhiteHat Security gave a talk at the Black Hat conference last year on JavaScript malware. Zulfikar Ramzan of Symantec Security Response put the two pieces together… and realized that it's possible for JavaScript on a web site to modify your router's DNS settings.
As you can imagine, such an attack is potentially quite devastating. The attack can impact a large number of people for the following reasons:
(1) All you have to do to become a victim is simply visit the Web page that hosts this malicious code. You don’t have to click OK on any dialogue boxes or accidentally download and install malicious software. Simply viewing the page in question is enough to cause the necessary damage.
(2) Many people fail to change the default password on their home broadband routers. In fact, some informal studies show that 50 percent of people fall into this category.
(3) Many people enable the execution of JavaScript code on their Web browser. Formal studies show that 95 percent of Internet users fall into this category. In fact, nowadays almost all popular Web sites use JavaScript, so it’s necessary to have it functioning properly.
The simplest thing you can do to protect yourself is change the default password on your home wireless router.
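To check a computer for the two pharming symptoms described above (a HOSTS entry overriding a site you care about, and DNS requests going to a server you did not choose), here is an added example that is not part of the original article. The sample file contents, the watched domain and the expected resolver address are constructed assumptions.

```python
import ipaddress

# Constructed sample inputs (not taken from any real machine).
SAMPLE_HOSTS = """\
# constructed HOSTS file
127.0.0.1     localhost
::1           localhost ip6-localhost
203.0.113.66  www.mybank.com mybank.com   # unexpected override
192.168.1.10  nas.home
"""
SAMPLE_RESOLV = """\
# constructed resolv.conf-style resolver list
nameserver 192.168.1.1
nameserver 198.51.100.53
"""

def audit_hosts(text, watched_domains):
    """Return (name, ip) pairs where a watched domain or subdomain is overridden."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid address line
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in watched_domains):
                findings.append((name, str(ip)))
    return findings

def audit_resolvers(text, expected):
    """Return configured nameserver addresses that are not in the expected set."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    unexpected = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                addr = ipaddress.ip_address(fields[1])
            except ValueError:
                continue
            if addr not in allowed:
                unexpected.append(str(addr))
    return unexpected

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS, {"mybank.com"}))
    print(audit_resolvers(SAMPLE_RESOLV, {"192.168.1.1"}))
```

When the router hands out its own address as the DNS server, a changed upstream DNS setting inside the router does not show up on the computer, so the router's administration page still has to be checked directly.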