Drive-by pharming

What is it?
Drive-by pharming is the compromise of a broadband network router in which the attacker alters the router's DNS server settings so that users are directed to the attacker's DNS servers.

How does it work?
There are two basic methods. The first is for an attacker to trick a user into clicking a web link that directs them to a page containing malicious JavaScript code, which then attempts to log in to the router. The second method is for an attacker to make a connection directly to a router that can be remotely administered.

Should I be worried?
If successful, the attacker can direct users to any malicious site of their choosing. This can result in data or identity theft. The success of this tactic depends on the attacker knowing your router password. Users do not need to install software on their PC for this attack to be carried out.

How can I prevent it?
Since default router passwords are both known to attackers and posted online, changing the default password of the router is generally enough to keep you safe. A secondary precaution would be to turn off remote administration capability if not required.
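A complementary detection check, added here as an example and not part of the original article: compare the DNS resolvers a host has been handed with the ones you expect. The resolv.conf-style input, the addresses (documentation ranges) and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed sample of what a Linux host might have in /etc/resolv.conf.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
search home.example
nameserver 192.0.2.53
nameserver 203.0.113.66
nameserver 192.168.1.1
"""

def parse_nameservers(text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # drop any IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry, ignore
    return servers

def audit_resolvers(text, expected, router_ip=None):
    """Label each configured resolver.

    expected         - resolver is on the allowlist you supplied
    router-forwarder - host asks the router itself; the upstream DNS
                       servers are set on the router and must be
                       checked on its admin page, not from the host
    unexpected       - resolver you did not configure; investigate
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    router = ipaddress.ip_address(router_ip) if router_ip else None
    findings = []
    for ip in parse_nameservers(text):
        if ip in allowed:
            status = "expected"
        elif router is not None and ip == router:
            status = "router-forwarder"
        else:
            status = "unexpected"
        findings.append((str(ip), status))
    return findings

if __name__ == "__main__":
    for addr, status in audit_resolvers(SAMPLE_RESOLV_CONF, ["192.0.2.53"], "192.168.1.1"):
        print(f"{addr:15} {status}")
```

A "router-forwarder" result is not a clean bill of health: many home routers hand out their own address as the DNS server, so a changed upstream setting is only visible in the router's configuration.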