Drive-by pharming

What is it?
Drive-by pharming is the compromise of a broadband router in which the router's DNS server settings are altered so that users are directed to the DNS servers of an attacker.

How does it work?
There are two basic methods. The first is for an attacker to trick a user into clicking a web link that leads to a page containing malicious JavaScript code, which then attempts to log in to the user's router. The second is for an attacker to connect directly to a router that can be remotely administered.

Should I be worried?
If successful, the attacker can direct users to any malicious site of their choosing. This can result in data or identity theft. The success of this tactic depends on the attacker knowing your router password. Users do not need to install software on their PC for this attack to be carried out.

How can I prevent it?
Since default router passwords are both known to attackers and posted online, changing the default password of the router is generally enough to keep you safe. A secondary precaution would be to turn off remote administration capability if not required.
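
Because the attack works by changing the DNS servers that clients are handed, a useful check is to compare the resolvers a machine is actually configured with against the ones the network is supposed to use. The Python below is an added example, not part of the original article; the sample resolv.conf text, the expected-resolver list and the function names are constructed for illustration and use documentation address ranges.

```python
import ipaddress

# Constructed sample: resolver settings as a client might receive them from a
# router whose DNS settings were changed. Addresses are documentation ranges.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 2001:db8::53
nameserver not-an-ip
options edns0
"""

# Assumption: the resolvers this network is supposed to use (router LAN address
# plus the operator's chosen upstream ranges). Replace with your own values.
EXPECTED_RESOLVERS = ["192.168.1.1", "198.51.100.0/28", "2001:db8::/64"]


def parse_nameservers(text):
    """Return (addresses, malformed) from resolv.conf-style text."""
    addresses, malformed = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        value = fields[1].split("%", 1)[0]  # drop IPv6 zone id such as %eth0
        try:
            addresses.append(ipaddress.ip_address(value))
        except ValueError:
            malformed.append(fields[1])  # keep for review, never trust silently
    return addresses, malformed


def audit_resolvers(text, expected):
    """Split configured resolvers into expected, unexpected and malformed."""
    networks = [ipaddress.ip_network(e, strict=False) for e in expected]
    addresses, malformed = parse_nameservers(text)
    unexpected = [str(a) for a in addresses
                  if not any(a.version == n.version and a in n for n in networks)]
    ok = [str(a) for a in addresses if str(a) not in unexpected]
    return {"ok": ok, "unexpected": unexpected, "malformed": malformed}


if __name__ == "__main__":
    report = audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS)
    for key, values in report.items():
        print(f"{key}: {', '.join(values) or '-'}")
```

An entry under "unexpected" is a reason to log in to the router and inspect its DNS settings, not proof of compromise on its own.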
