Millions Vulnerable to New Hack Attack

Elizabeth Millard,
Mon Feb 19, 1:25 PM ET

Security firm Symantec and the Indiana University School of Informatics have discovered a new type of security threat that could leave up to 50 percent of home broadband users susceptible to attack.

Called "drive-by pharming," the threat is focused on home routers, which can be reconfigured and directed to a malicious Web site if default settings and passwords are being used.

With traditional pharming, an attacker redirects a user from a legitimate Web site to a bogus Web site that contains malicious code. Pharming attacks can be executed by either changing the hosts file on a victim's PC or manipulating a domain name system (DNS) server.

In the new scheme, when a user visits a malicious Web site, an attacker is able to remotely change the DNS settings on the broadband router or wireless access point and reroute requests for legitimate sites -- like online banking sites or financial institutions -- to bogus sites designed to steal login information.

Default Passwords

The security team that examined the issue believes that the problem potentially affects millions of broadband users worldwide, and that the attacks can be easily launched. The researchers urged users to protect their broadband routers and wireless access points by changing their default passwords.

Drive-by pharming is dangerous not only because it directs users to malicious sites, but also because an attacker can permanently change router settings, exposing unwitting victims to ongoing attacks.

"This new research exposes a problem affecting millions of broadband users worldwide," Oliver Friedrichs, director of Symantec Security Response, said in a statement. "Because of the ease by which drive-by pharming attacks can be launched, it is vital that consumers adequately protect their broadband routers and wireless access points today."

Symantec recommends that users change their default passwords and employ a multilayered security strategy consisting of an Internet security program that combines antivirus, firewall, intrusion detection, and vulnerability protection. Also important, the research team noted, is avoiding clicking on links that seem suspicious.

User Education

But the main issue, according to Sophos senior technology consultant Graham Cluley, is that many users either do not change settings or use the password supplied by the manufacturer. Many devices are given obvious passwords for shipping and setup, such as "administrator" or "password," which Cluley noted are very easy for hackers to guess.

"For the sake of thirty seconds' effort, home users may be leaving themselves dangerously open to attack by not changing their passwords," he said.

While the great likelihood of attack predicted by Symantec could have some effect on user education, Cluley said he hopes that router makers will also take notice and design their software to be more insistent about changing default passwords.

"More prominent warnings that passwords have not been changed from their default might help encourage users to take this relatively simple step," he said. An additional line of defense is to disable JavaScript on untrusted Web sites, he added.

Copyright © 2007 NewsFactor Network, Inc.