New 'Pharming' Attack Targets Your Router

[peat moss]

Feb. 15, 2007 -- I get tons of press releases about this-or-that brand new security threat. Most of them aren't nearly as scary as they're hyped to be, and the solution is almost invariably "buy our product!"

But today I heard about a new threat discovered by Symantec and Indiana University that could be a real doozy. It's especially pernicious in that normal security software doesn't detect it. But you don't have to buy anything to protect yourself. That's doubly unusual.


The attack is based on pharming, which, like phishing, is a way bad guys trick you into visiting fake web sites. Where phishing fools you-the-user, pharming fools your computer. It does this by compromising your system's access to the DNS (Domain Name Server) system. When you type www.mybank.com, DNS translates that into the correct IP address.

Source: http://abcnews.go.com/Technology/ZDM/story?id=2878235

[grchl3]

Whoa, a malicious javascript that runs through your browser and is able to reset the password on a router even if remote administration on the router is turned off. Granted the router is only vulnerable if the password hadn't been changed by the user, but this just highlights the need for networking hardware manufacturers, especially those who make home routers, to ship their products preconfigured to run securely. The user should be encouraged to change their password. Ideally one would hope that users had this knowledge before getting connected to the net in the first place, but that just is not case nowadays. The massive amount of spambots and zombie machines shows that something has to be done to get new users up to speed and companies who make home routers (that's you linksys) can make a difference here.

Thanks for the story peat moss. I wouldn't even think an exploit like this was possible but it just goes to show that securing a computer is an ongoing process.

[Hairbautt]

Whoa, a malicious javascript that runs through your browser and is able to reset the password on a router even if remote administration on the router is turned off. Granted the router is only vulnerable if the password hadn't been changed by the user, but this just highlights the need for networking hardware manufacturers, especially those who make home routers, to ship their products preconfigured to run securely. The user should be encouraged to change their password. Ideally one would hope that users had this knowledge before getting connected to the net in the first place, but that just is not case nowadays. The massive amount of spambots and zombie machines shows that something has to be done to get new users up to speed and companies who make home routers (that's you linksys) can make a difference here.

Thanks for the story peat moss. I wouldn't even think an exploit like this was possible but it just goes to show that securing a computer is an ongoing process.

I didn't think it was possible, either. I completely agree on the part of users not knowing about their router security, too. I didn't know about it, until I found a thread here bout it sometime ago.

[grchl3]

That's just what I was thinking too Hairbautt. Luckily we get this info because we keep up with computer news by visiting sites like FST and others that post these headlines (Nice job with the Firefox cookies flaw story btw ). The really distressing part of this is that the majority of users don't even realize that these issues exist because news like this doesn't really hit the mainstream headlines. I remember when the wireless drivers exploit was announced no one outside of computer enthusiasts knew there was an issue.

The other part of it is that securing a computer/home network has become more and more onerous. MS did one thing right with XP SP2 and the integrated firewall. But outside of windows updates, a user now has to make sure that so many other applications are updated including office apps, graphics programs, im clients, browser plugins and multimedia apps just to name a few. Its all just become too unwieldy. For example, if a user clicks on the wrong link thats been specifically crafted to take advantage of an exploit in an im client, all the other updates can be made moot. I just wish keeping track of all the exploits and updates was a bit more centralized and streamlined. I guess the solution would be to make the switch to linux. It definitely couldn't hurt.

[Hairbautt]

I guess the solution would be to make the switch to linux. It definitely couldn't hurt.

Oh, thank god I thought you were going to say MAC , but seriously take that whole argument you just posted and write a book about it, because I think it's so true.

[grchl3]

Oh, thank god I thought you were going to say MAC ,

I wouldn't dare! I get enough of that from my mac loving friends

but seriously take that whole argument you just posted and write a book about it, because I think it's so true.

Looking back over what I just posted, I think I just did write a book . MS just gets me so riled up sometimes...and then I go right back and use the same os I spent half an hour complaining about.