SDA India is an online resource for Software, Development, IT, Architecture, Open Source, Mobile, Security, Databases, Delphi, C, OS, Asp, .Net, Php, Xml, Java

From the News Desk
Wednesday, 23. January 2008

Drive-By Pharming Attack Becomes Reality




An attack suggested as a potential threat a year ago, one that alters a victim's DNS settings when the victim simply visits a malicious web page, has now surfaced as a real threat.

Symantec announced in an official blog post that online criminals have started to remotely change the DNS server setting on home network routers, so that whenever you type in the address of a financial institution or other trusted site, your browser is instead redirected to a bogus or phishing Web site.

"With this sort of attack, all a victim would have to do to be susceptible is simply view the attacker’s malicious HTML or JavaScript code, which could be placed on a Web page or embedded in an email," Symantec says.

The practice, called pharming, usually attacks the DNS servers directly, but this latest attack brings it all home. The routers and institutions affected by this current attack are limited to one country, Mexico, but Symantec warns that word of this real-world attack could bring similar attacks elsewhere.

According to a blog by Zulfikar Ramzan, a researcher at Symantec, "the attackers embedded the malicious code inside an e-mail that claimed it had an e-card waiting for you at the Web site gusanito.com. The e-mail also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router. The GET request modified the router's DNS settings so that the URL for a popular Mexico-based banking site would be mapped to an attacker's Web site."
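The e-mail described above relied on an IMG tag that made the client send a GET request to the router. As an added example (not from Symantec or the original article), this Python check scans the HTML parts of a message for automatically loaded URLs that point at internal addresses; the sample message, the `LOCAL_NAMES` list and all function names are constructed for illustration.

```python
import ipaddress
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs a mail client or browser fetches without any click.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("script", "src"),
              ("link", "href"), ("embed", "src")}
LOCAL_NAMES = {"localhost", "router", "gateway"}  # assumed names, adjust per network

# Constructed sample message; hosts, path and parameters are placeholders.
SAMPLE = """\
Subject: You have an e-card waiting
Content-Type: text/html; charset="utf-8"

<p><a href="http://cards.example.test/view">View your card</a></p>
<img src="http://cards.example.test/logo.png">
<img src="http://192.168.1.1/placeholder-settings?name=value" width="1">
"""

def is_internal(host):
    """True for private, loopback or link-local addresses and local names."""
    try:
        ip = ipaddress.ip_address(host or "")
    except ValueError:  # not an IP literal, so treat it as a hostname
        name = (host or "").lower()
        return name in LOCAL_NAMES or name.endswith(".local")
    return ip.is_private or ip.is_loopback or ip.is_link_local

class InternalFetchFinder(HTMLParser):
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            try:
                url = urlsplit((value or "").strip())
            except ValueError:  # malformed URL, nothing to resolve
                continue
            if ((tag, name) in AUTO_FETCH and url.scheme in ("http", "https")
                    and is_internal(url.hostname)):
                self.hits.append((tag, value.strip(), bool(url.query)))

def scan_email(raw):
    """Return (tag, url, has_query) for auto-fetched internal URLs in HTML parts."""
    finder = InternalFetchFinder()
    finder.hits = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return finder.hits
```

A hit with `has_query` set is the stronger signal, since it means the GET carries parameters to a device on the local network.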

Drive-by pharming began as a concept described by researchers. Jeremiah Grossman, founder and CTO of WhiteHat Security, gave a presentation about the exploit at the Black Hat conference in August of 2006. Symantec subsequently blogged about the idea as well.

To make sure you're not a victim, all you need to do is change your router's login information from the default. Don't worry about forgetting the login information. If you forget it, you can just do a hard reset on your router, and the password will be reset to the default. Log in, and then change it, said Symantec.


