CYBERSPACE — Just when IT professionals and hobbyists think they’ve heard it all, something new comes along. The latest clever cracker maneuver is something that Symantec’s Security Response division and the Indiana University School of Informatics are calling “drive-by pharming.”According to Indiana University, drive-by pharmers take the more traditional pharming technique of redirecting users from legitimate to malicious websites that either change the host PC’s files or tinker with its domain name server one step beyond. With the new technique, attackers can remotely reconfigure the DNS settings on home broadband routers or wireless access points so that sensitive login information for legitimate websites such as financial institutions can be harvested.
“This new research exposes a problem affecting millions of broadband users worldwide,” Symantec Security Response director Oliver Friedrich pointed out in a statement from the company. “Because of the ease by which drive-by pharming attacks can be launched, it is vital that consumers adequately protect their broadband routers and wireless access points today.”
A study conducted by the two organizations concluded that as many as 50-percent of home broadband users are likely susceptible to the attacks, which can happen when a broadband router is not password-protected or has a password that can easily be guessed, either due to knowledge of the owners or because they never changed the default passwords that came with their hardware.
Since pharmers are able to accomplish their goals by taking advantage of carelessness or ignorance about router security, Symantec is developing technologies specifically directed at the issue. Until the company or one of its competitors develops an early warning system, tech experts recommend that computer users provide their routers with unique passwords, install and properly configure internet security software, and avoid clicking on links that seem suspect, including those send by strangers via email.
