Drive-by Pharming Attacks hit WiFi Routers

Identity Theft - Phishing : Drive-by Pharming Attacks hit WiFi Routers

Posted by Max on 2008/1/24 13:05:11 (1073 reads)

ComputerWorld warns those using a WiFi router about a recent threat. It is strongly recommended to change its password otherwise you might risk to become one of the drive-by "pharming" attack victims which is based on URLs typing – it redirects you to bogus Web sites disguised as legitimate ones. Your private information could then be stolen.The be aware sign was triggered by Symantec security expert and blogger Zulfikar Ramzan who confirmed the existence of such drive-by pharming attacks.

This is a description of how the attack is conducted – firstly, a malicious code is installed on your PC, through email or when visiting a fraudulent Web page. Then the malicious code modifies the DNS settings in your home router – making it possible when you type in certain URLs to have you redirected to a bogus Web page which appears to be genuine.

Since it does look like the actual page, and you've typed in the URL yourself, you will have no second thoughts about it being the real thing. However, you are very wrong and your information is as good as stolen if you type it.

It’s been a year since Ramzan first reported on the theoretical menace. However, most recently, he stated that, "We recently saw instances of actual attackers attempting a basic version of drive-by pharming." According to his observations , on one attack, hackers attached the malicious code in an email which said it had an e-card waiting for the recipient at gusanito.com.

But that wasn’t all the email contained- to quote Ramzan again, it "also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site."

Fortunately, for the time being, the attack is limited to Mexico. However, one cannot rest assured that it can't be possibly used elsewhere just the same. To take precautions so that you don’t become a victim yourself, all you have to do is modify your router's log-in information from the default. You may wonder –what happens if I forget the login information? No need to be concerned – if that happens, you can simply do a hard re-set on your router, and the password will be re-set to the default. Afterwards, log in, and then change it.

Previous article - Next article

Other articles
2010/3/18 8:07:31 - Panda Cloud Antivirus Receives ICSA Labs' First Cloud-Based Certification
2010/3/17 15:49:34 - Open-Source Email Security Taken To The Next Level at WebhostingDay
2010/3/17 15:18:40 - McAfee Warns ABout Scareware or Fake Antivirus Software
2010/3/2 5:22:13 - VeriSign and AVG Will Integrate VeriSign Trust(TM) Seal Within AVG LinkScanner(R)
2010/3/1 7:36:12 - New Stealth Software Protects P2P Users From Lawsuits by Copyright Holders
2010/2/24 13:55:16 - New State of The Art Firewall By Palo Alto Networks
2010/2/24 13:50:26 - Beware of Fake Antimalware Programs Like PCsProtector
2010/2/24 13:38:02 - New Registry Cleaner Guide Helps Your PC Perform Faster
2010/2/3 7:32:43 - PC Login Now (Full version) Available Now For Free.
2010/2/3 7:11:57 - Mitto Named One of 20 Top Web Applications

The comments are owned by the poster. We aren't responsible for their content.