The first time I learned of the concept of drive-by pharming was when reading about a presentation given by application security expert Jeremiah Grossman at Black Hat in mid-2006. It's a concerning attack technique, not just because it enables an attacker to do nasty things, but also because of how passively Web users can become victimized. Until very recently, this attack was merely theoretical.
January 23, 2008
The first time I learned of the concept of drive-by pharming was when reading about a presentation given by application security expert Jeremiah Grossman at Black Hat in mid-2006. It's a concerning attack technique, not just because it enables an attacker to do nasty things, but also because of how passively Web users can become victimized. Until very recently, this attack was merely theoretical.According to security firm Symantec, it has seen the attack under way in the real world. And in order to get nailed with this, all you need is to have the factory-set password in place, and click on the wrong Web page, or simply view the wrong e-mail, since the attack is most often inflicted through specially crafted HTML or JavaScript.
The attacker then reconfigures the targeted router's DNS server settings. Now, the attacker effectively controls the victim's Internet connection. According to Symantec, the attack they spotted redirects users trying to access a popular Mexican bank's Web site in Mexico to a malicious Web site instead.
That makes this attack so dangerous to not only anyone who has failed to reset their factory router passwords, but anyone who visits a site managed by anyone who also has failed to do the same.
On its blog, Symantec goes into more detail, and lists some things that can be done to protect yourself. Things that should already have been done in the first place: stay away from untrustworthy sites, don't blindly click links in e-mail, and change the default router password. Let's hope many home users and business do the latter. Like, now.
About the Author(s)
You May Also Like
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024