Pharming concept becomes reality

January 23, 2008
Web User

The theory of wireless ‘pharming’ attacks, which was outlined by security firm Symantec, has been put into practice by cybercriminals.

What’s more, the attacks are more damaging than Symantec thought when it first stumbled on the concept last year.

The attack involves changing the DNS (domain name system) server settings on the victim’s home broadband router. If the DNS server is altered, cybercriminals can direct your browser to any web page they wish.

"We recently saw instances of actual attackers attempting a basic version of drive-by pharming," wrote Zulfikar Ramzan on the Symantec blog.

He said that a particular brand of router sold in Mexico was even more vulnerable to attack than first imagined.

"The first real-life instance of drive-by pharming that we witnessed was even more devastating than the original concept we envisioned a while back, because this particular brand of router has a more substantial vulnerability that makes the attack far more potent," he said.

Typically, routers are password-protected, but few users know this, let alone bother to change the default password. Since default passwords are easy to find with a simple web search, a cybercriminal who knows what type of router you have can look up the password and hack into it.

However, the Mexican routers in question are not even password-protected.

Ramzan recommended that anyone who has not changed their router password since it was set up should do so now.

"Also, I’d recommend that you reset the router anyway before changing your password. This step ensures that if you have become a victim already, you can start with a clean slate as the DNS server settings are also restored to the default during a hard reset," Ramzan said.

www.symantec.com
