Millions of broadband users are at risk for a new kind of attack
called drive-by pharming, which targets password weaknesses in the
victim's router, researchers from Symantec Corp. and Indiana
University have warned.
The threat is greatest for those who don't change their default
passwords after using them to bring the router online. According to
an informal study by Indiana University, up to 50% of home
broadband users fail to reset the password after installing their
router.
"What worries me is that it's so simple for people to fall for
this kind of attack," said Zully Ramzan, senior principal
researcher for Symantec Security Response. "Most people connect to
the Internet through broadband today, but they don't adequately
protect their routers."
Attackers use this technique by luring the victim to a malicious
Web site. Once the user is on that site, the attacker is able to
use JavaScript to change the DNS settings on the router. "This
gives the attacker complete discretion over which Web sites the
victim visits on the Internet," Ramzan said. "For example, the user
may think they are visiting their online banking Web site but in
reality they have been redirected to the attacker's site."
Such fraudulent sites are an almost exact replica of the actual
site so the user won't likely notice the difference. Once the user
is directed to the pharmer's "bank" site and enters their user name
and password, the attacker can steal the information and access the
victim's account to transfer funds, create new accounts and write
checks.
While the threat affects mostly home users, Ramzan said
enterprise environments are also at risk.
"A lot of people take their laptops home and work off their home
router," he said. "One of the ways people break into networks is by
stealing credentials from a compromised laptop."
His advice to users is to reset their router passwords at least
once -- the day it is hooked up to the home or office computer
system. If the password is changed every few months, that's even
better.
Professor Markus Jakobsson of the Indiana University School of
Informatics said the new attack technique shows how important the
human factor is in security.
"While drive-by pharming arises due to inadequate protective
measures, there is also another human component: If an attacker can
trick you into visiting his page, he can probe your machine," he
said in a statement. "Deceit is not new to humankind, but it is
fairly recently that security researchers started taking it
seriously."