ComputerWorld warns those using a WiFi router about a recent threat. It is strongly recommended to change its password otherwise you might risk to become one of the drive-by "pharming" attack victims which is based on URLs typing – it redirects you to bogus Web sites disguised as legitimate ones. Your private information could then be stolen.The be aware sign was triggered by Symantec security expert and blogger Zulfikar Ramzan who confirmed the existence of such drive-by pharming attacks.
This is a description of how the attack is conducted – firstly, a malicious code is installed on your PC, through email or when visiting a fraudulent Web page. Then the malicious code modifies the DNS settings in your home router – making it possible when you type in certain URLs to have you redirected to a bogus Web page which appears to be genuine.
Since it does look like the actual page, and you've typed in the URL yourself, you will have no second thoughts about it being the real thing. However, you are very wrong and your information is as good as stolen if you type it.
It’s been a year since Ramzan first reported on the theoretical menace. However, most recently, he stated that, "We recently saw instances of actual attackers attempting a basic version of drive-by pharming." According to his observations , on one attack, hackers attached the malicious code in an email which said it had an e-card waiting for the recipient at gusanito.com.
But that wasn’t all the email contained- to quote Ramzan again, it "also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site."
Fortunately, for the time being, the attack is limited to Mexico. However, one cannot rest assured that it can't be possibly used elsewhere just the same. To take precautions so that you don’t become a victim yourself, all you have to do is modify your router's log-in information from the default. You may wonder –what happens if I forget the login information? No need to be concerned – if that happens, you can simply do a hard re-set on your router, and the password will be re-set to the default. Afterwards, log in, and then change it.
