Drive-by pharming! Wha? Where?
Beautiful downtown
Mexico.
Symantec has announced that online criminals have
started to remotely redirect your home network router’s DNS server so that
whenever you type in a financial institution or other trusted site, your browser
will instead be redirected to a bogus or phishing Web
site.
The practice, called pharming, usually attacks the DNS servers directly, but this latest attack brings it all home (if you are using broadband connectivity). Fortunately, the routers and institutions affected by this current attack are limited to one country, Mexico, but Symantec warns that word of this real-world attack could bring similar attacks elsewhere…
According to a blog by Zulfikar Ramzan, a researcher at Symantec, “the attackers embedded the malicious code inside an e-mail that claimed it had an e-card waiting for you at the Web site gusanito.com. Unfortunately the e-mail also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site.”
Change the password out of the box. Change the password out of the box!
There is no patch for stupidity in any country.
The practice, called pharming, usually attacks the DNS servers directly, but this latest attack brings it all home (if you are using broadband connectivity). Fortunately, the routers and institutions affected by this current attack are limited to one country, Mexico, but Symantec warns that word of this real-world attack could bring similar attacks elsewhere…
According to a blog by Zulfikar Ramzan, a researcher at Symantec, “the attackers embedded the malicious code inside an e-mail that claimed it had an e-card waiting for you at the Web site gusanito.com. Unfortunately the e-mail also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site.”
Change the password out of the box. Change the password out of the box!
There is no patch for stupidity in any country.
Posted: Thu - January 24, 2008 at 07:48 AM