Drive-By Pharming: This Nasty Attack Technique Looks Significant

The first time I learned of the concept of drive-by pharming was when reading about a presentation given by application security expert Jeremiah Grossman at Black Hat in mid-2006. It's a concerning attack technique, not just because it enables an attacker to do nasty things, but also because of how passively Web users can become victimized. Until very recently, this attack was merely theoretical.According to security firm Symantec, it has seen the attack under way in the real world. And in order to get nailed with this, all you need is to have the factory-set password in place, and click on the wrong Web page, or simply view the wrong e-mail, since the attack is most often inflicted through specially crafted HTML or JavaScript.

The attacker then reconfigures the targeted router's DNS server settings. Now, the attacker effectively controls the victim's Internet connection. According to Symantec, the attack they spotted redirects users trying to access a popular Mexican bank's Web site in Mexico to a malicious Web site instead.

That makes this attack so dangerous to not only anyone who has failed to reset their factory router passwords, but anyone who visits a site managed by anyone who also has failed to do the same.

On its blog, Symantec goes into more detail, and lists some things that can be done to protect yourself. Things that should already have been done in the first place: stay away from untrustworthy sites, don't blindly click links in e-mail, and change the default router password. Let's hope many home users and business do the latter. Like, now.