Millions Vulnerable to New Hack Attack
Security firm Symantec and the Indiana University School of Informatics have discovered a new type of security threat that could leave up to 50 percent of home broadband users susceptible to attack.
Called “drive-by pharming,” the threat is focused on home routers, which can be reconfigured and directed to a malicious Web site if default settings and passwords are being used.
With traditional pharming, an attacker redirects a user from a legitimate Web site to a bogus Web site that contains malicious code. Pharming attacks can be executed by either changing the host file on a victim’s PC or manipulating a domain name system (DNS) server.
In the new scheme, when a user visits a malicious Web site, an attacker is able to remotely change the DNS settings on the broadband router or wireless access point and reroute requests for legitimate sites — like online banking sites or financial institutions — to bogus sites designed to steal login information.
Default Passwords
The security team that examined the issue believes that the problem potentially affects millions of broadband users worldwide, and that the attacks can be easily launched. The researchers urged users to protect their broadband routers and wireless access points by changing their default passwords.
Drive-by pharming is dangerous not only because it directs users to malicious sites, but also because an attacker can permanently change router settings, exposing unwitting victims to ongoing attacks.
“This new research exposes a problem affecting millions of broadband users worldwide,” Oliver Friedrichs, director of Symantec Security Response, said in a statement. “Because of the ease by which drive-by pharming attacks can be launched, it is vital that consumers adequately protect their broadband routers and wireless access points today.”
Symantec recommends that users should change their default passwords and= employ a multilayered security strategy consisting of an Internet security program that…
