Full Disclosure mailing list archives
Drive-by Pharming
From: "Oliver Friedrichs" <oliver_friedrichs () symantec com>
Date: Thu, 15 Feb 2007 09:02:55 -0800
Everyone,

I'm posting this on behalf of Zulfikar Ramzan who isn't subscribed to this list.

We discovered a new potential threat that we term "Drive-by Pharming". An attacker can create a web page containing a simple piece of malicious JavaScript code. When the page is viewed, the code makes a login attempt into the user's home broadband router and attempts to change its DNS server settings (e.g., to point the user to an attacker-controlled DNS server). Once the user's machine receives the updated DNS settings from the router (e.g., after the machine is rebooted), future DNS requests are made to and resolved by the attacker's DNS server.

The main condition for the attack to be successful is that the attacker can guess the router password (which can be very easy to do since these home routers come with a default password that is uniform, well known, and often never changed). Note that the attack does not require the user to download any malicious software - simply viewing a web page with the malicious JavaScript code is enough.

We've written proof of concept code that can successfully carry out the steps of the attack on Linksys, D-Link, and NETGEAR home routers. If users change their home broadband router passwords to something difficult for an attacker to guess, they are safe from this threat.

Additional details on the attack can be found at:

http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html

Oliver
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
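
The post says a machine picks up the altered DNS settings from the router after the change. The following is an added example, not part of the original post or of Symantec's proof of concept: a host-side check that parses resolv.conf-style text and reports resolvers that differ from a baseline the owner expects. The sample file contents, the baseline addresses and the function names are constructed for illustration, and the check assumes the router hands its DNS servers to clients rather than proxying DNS itself.

```python
import ipaddress

# Constructed sample: resolver configuration as a DHCP client might write it
# after the router hands out its DNS settings (documentation address ranges).
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client
domain home.example
nameserver 192.168.1.1
nameserver 203.0.113.53   # not configured by the owner
nameserver not-an-ip
options timeout:2
"""

def parse_nameservers(text):
    """Return (valid_addresses, malformed_entries) from resolv.conf-style text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        # Drop comments ('#' or ';') before splitting into fields.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            valid.append(ipaddress.ip_address(fields[1]))
        except ValueError:
            malformed.append(fields[1])
    return valid, malformed

def audit_resolvers(text, expected):
    """Compare configured resolvers with the set the owner expects."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    configured, malformed = parse_nameservers(text)
    unexpected = [str(a) for a in configured if a not in allowed]
    missing = sorted(str(a) for a in allowed - set(configured))
    return {"unexpected": unexpected, "missing": missing, "malformed": malformed}

if __name__ == "__main__":
    # Assumed baseline: the router itself plus the ISP resolver the owner set.
    report = audit_resolvers(SAMPLE_RESOLV_CONF, ["192.168.1.1", "198.51.100.10"])
    for kind, values in report.items():
        print(f"{kind}: {values}")
```

An unexpected resolver is a prompt to review the router's DNS and password settings; the baseline has to be recorded while the router is known to be configured correctly.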