Symantec warns consumers of new attack against home broadband networks

Global infrastructure software developer, Symantec Corp, today announced that it had, in conjunction with the Indiana University School of Informatics, uncovered a significant new security threat. In this attack, dubbed "drive-by pharming," consumers may fall victim to pharming by having their home broadband routers reconfigured by a malicious web site.

Drive-by pharming involves the use of JavaScript to change the settings of a user's home broadband router. Once the user clicks on a malicious link, malicious JavaScript code is used to change the DNS settings on the user's router. From this point on, every time the user browses to a web site, the attacker will perform DNS resolution.

DNS resolution is the process by which one determines the internet address corresponding to a web site's common name. Control over DNS resolution gives the attacker complete discretion over which web sites the victim visits on the Internet.

For example, the user may think they are visiting their online banking web site but in reality they have been redirected to the attacker's site.

These fraudulent sites are almost exact replicas of the actual sites, so the user is likely not to recognise the difference. Once the user is directed to the pharmer's "bank" site, and enters their user name and password, the attacker can steal this information. The attacker will then be able to access the victim's account on the "real" bank site and transfer funds, create new accounts, and write checks.

According to a separate informal study conducted by Indiana University, up to 50 per cent of home broadband users are susceptible to this attack.