Dubbed 'drive-by pharming', the attack relies on JavaScript being enabled in the victim's browser, and the router's administrative password being left at the default.
What happens is that the victim visits an apparently innocuous web page, but it contains a JavaScript that logs into the router. Since the script is running within the browser, the request is seen by the router as coming from the LAN, not the Internet.
Once logged in, the script changes the router's configuration so it uses a DNS server controlled by the attacker. DNS servers are the part of the Internet that translate domain names such as www.my-bank.com (to use Symantec's example) to IP addresses such as 69.8.217.90. The attacker's DNS server is configured to translate bank domain names to the IP addresses of servers also controlled by the attacker, which host copies of the real banks' sites.
All this happens without requiring any interaction from the user, other than visiting the web page. The process occurs in the background with no indication of what's happening.
Then when the victim tries to connect to his or her bank's site, what comes up is actually a fake. About the only way of telling would be to check the site's certificate. The fake site captures the username and password, which are then used to extract money from the real account.
Symantec recommends users change the password on their routers (instructions can be found in the instruction manual or at the manufacturer's web site), and think twice before clicking on links.
New pharming threat to home and small office networks
Many - perhaps most - users of popular wired and wireless routers are in danger of being directed to fraudulent web sites impersonating Internet banking services, security experts at Symantec and Indiana University have warned.
RECRUITMENT & RETENTION REPORT 2013
HIRE OR FIRE? BUY OR BUILD2013 is well underway and Australian companies need to know whether they should invest in IT skills training or pay a premium for the people they need.
If you want to know which choices are being made in your sector, what skills are hard to find, which sectors intend to hire or fire and where the IT spend is going, this free report is must have.
Stephen Withers
Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.
