Remote workers vulnerable to pharming, Symantec warns

Drive-by pharming route users to fake websites as hackers attack wireless routers.

Researchers at the Indiana University School of Informatics and security company Symantec have uncovered a method of hijacking web browsers.

The attack involves little more on the victim's part than simply visiting a web page.

The attacker's web page runs a piece of JavaScript code which attempts to log in to your router in the background and reconfigures the settings, including the DNS servers.

At the next attempt to visit a website on the internet, the router will check a different DNS server - one owned by the attacker - and get pages from wherever that DNS server tells it to.

In the case of online banking, the victim would type in the web address of their bank but might be directed to another site that looks exactly like the genuine article, including the address bar. (This technique is known as pharming, as opposed to the social-engineering techniques of phishing, where the user is duped more directly.)

"Such an attack is potentially quite devastating," claimed Symantec. "I believe this attack has serious widespread implications and affects many millions of users worldwide."

Even though the victim has to first visit the site and the JavaScript code needs to successfully get the login credentials to the router, the scope of the attack is huge.

Around 90 per cent of internet users enable JavaScript to run on their browser, while around half fail to change the default usernames and passwords with which their routers are shipped.

Lists of the various default username and password combinations for different makes of routers are widely available. Routerpasswords has an easy to use tool for finding them. Phenoelit.de publishes a list for the use of "computer security consultants interested in testing the security configuration of equipment," while CyberPunkCafe boasts the "Worlds Largest Default Router Password List!!".

Stopping such an attack is equally trivial, but it does involve a change in behaviour from the 50 per cent of lazy Internet users. "The simplest thing you can do to protect yourself is change the default password on your home wireless router," said Symantec. "Also, in general, I'd recommend staying away from Web sites that aren't known to be at least reasonably trustworthy. (And definitely don't blindly click on links in emails - even if the link came from someone you know. Remember, simply clicking on a link is all it takes for this attack to do its damage.)"

An animation of how the attack works is available from Symantec here.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021
Defense Dept. expands vulnerability disclosure program to all publicly accessible defense systems
ethical hacking

Defense Dept. expands vulnerability disclosure program to all publicly accessible defense systems

5 May 2021
Security researchers take control of a Tesla via drone
ethical hacking

Security researchers take control of a Tesla via drone

5 May 2021
Best free malware removal tools 2021
Security

Best free malware removal tools 2021

5 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021