iTWire - New pharming threat to home and small office networks

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

New pharming threat to home and small office networks

New pharming threat to home and small office networks

E-mail

by Stephen Withers
Friday, 16 February 2007
Many - perhaps most - users of popular wired and wireless routers are in danger of being directed to fraudulent web sites impersonating Internet banking services, security experts at Symantec and Indiana University have warned. Featured Whitepaper 5 Best Practices for Smartphone Support Dubbed 'drive-by pharming', the attack relies on JavaScript being enabled in the victim's browser, and the router's administrative password being left at the default. What happens is that the victim visits an apparently innocuous web page, but it contains a JavaScript that logs into the router. Since the script is running within the browser, the request is seen by the router as coming from the LAN, not the Internet. Once logged in, the script changes the router's configuration so it uses a DNS server controlled by the attacker. DNS servers are the part of the Internet that translate domain names such as www.my-bank.com (to use Symantec's example) to IP addresses such as 69.8.217.90. The attacker's DNS server is configured to translate bank domain names to the IP addresses of servers also controlled by the attacker, which host copies of the real banks' sites. All this happens without requiring any interaction from the user, other than visiting the web page. The process occurs in the background with no indication of what's happening. Then when the victim tries to connect to his or her bank's site, what comes up is actually a fake. About the only way of telling would be to check the site's certificate. The fake site captures the username and password, which are then used to extract money from the real account. Symantec recommends users change the password on their routers (instructions can be found in the instruction manual or at the manufacturer's web site), and think twice before clicking on links.{moscomment} Tags See All Tags Browsers Hardware Internet Malware Security Stephen Withers Switching & Routing Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Thunderhead Appoints Phil Walker as Managing Director of Asia Pacific and Europe

Heathrow Airport Terminal 5 Live with Progress Software

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking