New pharming threat to home and small office networks
Once logged in, the script changes the router's configuration so it uses a DNS server controlled by the attacker. DNS servers are the part of the Internet that translate domain names such as www.my-bank.com (to use Symantec's example) to IP addresses such as 184.108.40.206. The attacker's DNS server is configured to translate bank domain names to the IP addresses of servers also controlled by the attacker, which host copies of the real banks' sites.
All this happens without requiring any interaction from the user, other than visiting the web page. The process occurs in the background with no indication of what's happening.
Then when the victim tries to connect to his or her bank's site, what comes up is actually a fake. About the only way of telling would be to check the site's certificate. The fake site captures the username and password, which are then used to extract money from the real account.
Symantec recommends users change the password on their routers (instructions can be found in the instruction manual or at the manufacturer's web site), and think twice before clicking on links.
RECRUITMENT & RETENTION REPORT 2013HIRE OR FIRE? BUY OR BUILD
2013 is well underway and Australian companies need to know whether they should invest in IT skills training or pay a premium for the people they need.
If you want to know which choices are being made in your sector, what skills are hard to find, which sectors intend to hire or fire and where the IT spend is going, this free report is must have.
Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.