Preston Gralla

Seeing Through Windows

Beware: Your WiFi router can be hijacked by "pharmers"

If you've got a WiFi router and haven't changed its password, you're in danger of being victimized by a drive-by "pharming" attack, in which typing a normal URL sends you to a phony Web site masquerading as the real thing. Your private information could then be stolen.

This is not a theoretical danger. Symantec security expert and blogger Zulfikar Ramzan reports that such drive-by pharming attacks have already been launched.

Here's how it works. Malicious code is planted on your PC, via email or by visiting an infected Web page. The malicious code changes the DNS settings in your home router, so that when you type in certain URLs, such as your bank's, you're rerouted to a phony Web page that looks like the real thing. Because you typed in the URL yourself, you figure it's safe. But it's not; type in your login information, and it's stolen.

Ramzan reported on the theoretical danger a year ago. But now, he says in his most recent blog, "We recently saw instances of actual attackers attempting a basic version of drive-by pharming." He notes that in one attack, hackers embedded malicious code in an email that said it had an e-card waiting for the recipient at gusanito.com. But the email, he says, "also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site."

For now, the attack is confined to Mexico. But there's no reason it can't be used elsewhere as well. To make sure you're not a victim, all you need to do is change your router's login information from the default. Don't worry about forgetting the login information. If you forget it, you can just do a hard reset on your router, and the password will be reset to the default. Log in, and then change it.

If you're looking for more advice on protecting your home router, by the way, check out my article, "How to protect your wireless network."

What People Are Saying

Besides changing the default password, upgrade firmware.

http://www.computershopper.co.uk/shopper/news/159414/hackers-attack-broadband-routers.html

In the Mexican case a password wasn't needed, due to a design flaw in the 2Wire router that was targeted. A cross-site request forgery vulnerability allowed the malware to simply send a URI to the router in order to crack it. This technique can be used to set a password, add names to the DNS, disable wireless authentication and set dynamic DNS - and ***it doesn't need to use a password to gain access to these settings.***

Wireless Insecurity

Unfortunately, hackers don't have to work very hard to break into wireless routers. Most that I've worked on had "admin" or "password," until I changed them to something much more complex. Many of these had previously been set up by IT professionals who conveniently retained the default passwords.