17 February 2007

Scam Alert: Drive-By Pharming

Symantec's security expert, Zulfikar Ramzan, in conjunction with two professors, Sid Stamm and Markus Jakobsson, at the Indiana University School of Informatics, has produced a proof-of-concept JavaScript Web application that, if disseminated in the wild, would mean that one need only visit a malicious Web page to be attacked and have account User IDs and passwords swiped. No malware is installed, so the user wouldn't even be aware that an attack had occurred. This particular method of attack is called "drive-by pharming," and you need to know about it.

The attack is aimed at broadband users whose Internet connection passes through a router before reaching the user's computer. The malicious Web application changes the DNS (Domain Name Service) server setting on the router (which requires the router's password -- and half the time people don't change the default password!), so that when the user types in the URL for a bank, the router asks the attacker's DNS server for the IP address of that URL instead of the DNS server it is supposed to use. Of course, the attacker's DNS server has been set up to return the wrong IP addresses for certain banking and credit card institutions' Web sites, which just so happen to be the IP addresses of the attacker's bogus Web sites that look just like the real thing. The user types in his User ID and password at the bogus Web site and . . . bingo! The attacker has all he needs to transfer money out of the real bank account.
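Because the attack leaves no malware behind, the one trace it does leave is the changed DNS setting, which the router hands down to every client by DHCP. The following check is an added example, not code from the original post or from the Symantec proof of concept: it reads the resolvers a client was given (a constructed resolv.conf-style sample) and flags any that fall outside the networks the owner knows are legitimate (the router's own LAN address and an assumed ISP resolver block; both values are placeholders).

```python
import ipaddress
import re

# Constructed sample of a client's /etc/resolv.conf as populated by DHCP from the
# router. The second nameserver stands in for an attacker-controlled resolver;
# 203.0.113.7 is from a documentation-only address range and is a placeholder.
SAMPLE_RESOLV_CONF = """# Generated by dhcpcd from eth0
nameserver 192.168.1.1
nameserver 203.0.113.7
search home.lan
"""

# Resolvers the owner knows are legitimate: the router itself (assumed LAN address)
# and the ISP's resolver block (assumed, documentation range used as placeholder).
TRUSTED_RESOLVERS = [
    ipaddress.ip_network("192.168.1.1/32"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text.

    Comments and malformed entries are skipped so one bad line cannot hide
    the rest of the configuration from the audit.
    """
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.match(r"nameserver\s+(\S+)$", line)
        if not match:
            continue
        try:
            servers.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # not an IP literal; ignore rather than crash
    return servers


def audit_resolvers(servers, trusted_networks):
    """Return every resolver that is not inside any trusted network.

    An IPv6 resolver never matches an IPv4 network (and vice versa), so an
    unexpected address family is reported as untrusted too.
    """
    return [s for s in servers if not any(s in net for net in trusted_networks)]


if __name__ == "__main__":
    suspicious = audit_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF), TRUSTED_RESOLVERS)
    for addr in suspicious:
        print(f"untrusted DNS server configured: {addr}")
```

On a real machine, replace SAMPLE_RESOLV_CONF with the contents of the client's resolver configuration (or the DNS servers shown in the router's status page) and TRUSTED_RESOLVERS with the addresses your ISP actually publishes.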

It's easy enough to protect yourself from this scam by changing the default password on your router, so that no one can change its settings without your knowledge. Here is a list of the most common routers and links to the manufacturers' Web sites to find out how to change your router's password.

For more information about this scam, including a short video explaining it in more detail, please follow this link.
