
Clicking A Link Gets More Dangerous




The developers who built a proof of concept they call Drive-By Pharming said that simply viewing the malicious web page would trigger major changes in someone's home broadband router or wireless access point.


Researcher Zulfikar Ramzan from Symantec, and Sid Stamm & Markus Jakobsson of the Indiana University School of Informatics, released a paper on Drive-By Pharming in December 2006. Its purpose was to illustrate the danger of not changing a default password in one's crucial piece of Internet connectivity, the router or wireless access point.


Through JavaScript hosted on a malicious web page, an attacker can alter a router with a default password in place so that it performs DNS lookups through the attacker's machine.


This way, the attacker can direct the web browser to any sites he wants. Since these criminals want to profit from their efforts, this could mean being redirected to spoofed bank, credit card, or other sites. From there, personal information would be stolen and probably put to misuse immediately.


"I believe this attack has serious widespread implications and affects many millions of users worldwide," said Ramzan. "Fortunately, this attack is easy to defend against as well."


The ease of the attack is the greater concern. Due to the regular practice of having JavaScript enabled in a web browser to properly view many websites, most browsers enable this router-grabbing attack to take place.


People continue to demonstrate that they will click on unfamiliar links in messages, no matter the identity of the sender. If those users haven't taken the step to change the router's default password, it's only a matter of time before someone reconstructs Ramzan's attack and turns it loose online.







