How to prevent phishing scams: Stop drive-by pharming

 

Drive-By pharming

Summary:
Drive-by pharming and phishing are not new. They have been well known in commercial settings since wireless connections (Wi-Fi) were introduced. They involve unauthorized access to a wireless network, without being a registered user, by someone in the vicinity of your network or wireless Internet connection.
Purpose:
To make you aware of potential eavesdropping activities impacting wireless networks, especially those using older Wi-Fi equipment and protocols/standards, such as those provided by many Internet service providers.

Advice:
Since wireless networks are basically radio signals, a predator within range can access your wireless network: intercept and send e-mail, access files, edit documents, format your drives and download viruses and bots. In most cases, security features on wireless networks are not turned on, since the equipment is sold with default settings. It only takes a few minutes to configure them properly to protect you and your network connections.

We strongly suggest activating encryption (WPA), setting up MAC address filtering on your access point to filter out casual users, and closing unnecessary network ports with a dedicated firewall. In addition, consider encrypting highly sensitive information with separate encryption software. Other dangerous scams occur when using Internet cafes, public PCs and free Wi-Fi services, which put you at risk when using wireless laptops away from home. Remember to activate Wi-Fi security protection at home, also.

With traditional pharming, an attacker aims to redirect a user attempting to visit one Web site, to another bogus Web site. Pharming can be conducted either by changing the host file on a victim's computer or through the manipulation of the Domain Name System (DNS). Drive-by pharming is a new type of threat in which a user visits a malicious web site and an attacker is then able to change the DNS settings on a user's broadband router or wireless access point.

DNS servers are computers responsible for resolving Internet names into their real "Internet Protocol" or IP addresses, functioning as the "signposts" of the Internet. In order for two computers to connect to each other on the Internet, they need to know each other's IP addresses.

Drive-by pharming is made possible when a broadband router is not password protected or an attacker is able to guess the password -- for example, most routers come with a well-known default password that a user never changes. "This new research exposes a problem affecting millions of broadband users worldwide. Because of the ease by which drive-by pharming attacks can be launched, it is vital that consumers adequately protect their broadband routers and wireless access points today," said Oliver Friedrichs, Director, Symantec Security Response.

Drive-by pharming (farming) involves the use of JavaScript to change the settings of a user's home broadband router. Once the user clicks on a malicious link, malicious JavaScript code is used to change the DNS settings on the user's router. From this point on, every time the user browses to a web site, DNS resolution will be performed by the attacker. DNS resolution is the process by which one determines the Internet address corresponding to a web site's common name. This gives the attacker complete discretion over which web sites the victim visits on the Internet. For example, the user may think they are visiting their online banking web site but in reality they have been redirected to the attacker's site.

These fraudulent sites are an almost exact replica of the actual site so the user will likely not recognize the difference. Once the user is directed to the pharmer's "bank" site, and enters their user name and password, the attacker can steal this information. The attacker will then be able to access the victim's account on the "real" bank site and transfer funds, create new accounts, and write checks.
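Both pharming routes described above, a changed hosts file and a changed DNS server, leave traces a client can check. The following Python audit is an added example, not part of the original article or Symantec's research. The sample file contents, the domain examplebank.test and the expected-resolver list are constructed for illustration, and the resolver check only catches the case where the router hands its DNS servers to clients rather than forwarding queries itself.

```python
import ipaddress

# Constructed sample inputs (not from the original page).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
203.0.113.66  www.examplebank.test examplebank.test  # constructed rogue entry
0.0.0.0     ads.tracker.test
"""
SAMPLE_RESOLV = """\
# pushed by the router over DHCP
nameserver 192.168.1.1
nameserver 198.51.100.53
"""

def suspicious_hosts_entries(hosts_text, watched_domains):
    """Return (ip, name) pairs that pin a watched domain to a fixed address."""
    watched = {d.lower().rstrip(".") for d in watched_domains}
    findings = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            name = name.lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in watched):
                findings.append((ip, name))
    return findings

def unexpected_resolvers(resolv_text, expected):
    """Return nameservers in resolv.conf text that are not on the expected list."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    found = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                addr = ipaddress.ip_address(fields[1].split("%")[0])  # strip IPv6 zone
            except ValueError:
                continue  # malformed address: ignore rather than crash
            if addr not in allowed:
                found.append(str(addr))
    return found

if __name__ == "__main__":
    print(suspicious_hosts_entries(SAMPLE_HOSTS, ["examplebank.test"]))
    print(unexpected_resolvers(SAMPLE_RESOLV, ["192.168.1.1", "9.9.9.9"]))
```

To audit a real machine, pass in the contents of the system hosts file and resolver configuration along with the resolver addresses you configured on the router yourself.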

Phishing (pronounced just like fishing) is a way to trick you into revealing personal or financial information through a fraudulent e‑mail message or website. A common online phishing scam starts with an e‑mail message that looks like an official notice from a trusted source, such as a bank, credit card company, or reputable online merchant.

In the e‑mail message, recipients are unknowingly directed to a fraudulent website. Then you will be asked for personal information, like your bank account or credit card number, address and telephone number, your legal name, driver's license number, whether you own or rent your home, personal loans outstanding, and even your password. The purpose is to steal your identity so it can be used to apply for loans and more credit cards, purchase high-value items to sell quickly, or even sell your home. Armed with this information, the crooks can change your address to a site they can manage, and they proceed to milk you dry as quickly as possible. Then, of course, they disappear into thin air.

Not securing your wireless network is like leaving your front door wide open for anyone to walk in. Even if you have a firewall but do not protect the wireless end of your system, anyone will be able to access your computer or network. Someone with malicious intent can use your Internet connection to attack other systems, steal your personal information and contacts, or download illegal materials.

How big is the threat? "Symantec Security Response teamed with the Indiana University School of Informatics to study a significant new security threat called 'Drive-by Pharming.' In this attack, consumers may fall victim to pharming by having their home broadband routers reconfigured by a malicious Web site. According to a separate, informal study by Indiana University, up to 50 percent of home broadband users are susceptible to this attack."

Prevention advice: How to secure your home wireless network!

Symantec recommends that users employ a multi-layered protection strategy:

- Make sure their routers are uniquely password protected. Most routers come with a default administrator password which is easy for pharmers to guess.
- Use an Internet security solution that combines antivirus, firewall, intrusion detection, and vulnerability protection
- Avoid clicking on links that seem suspicious - for example, those sent to you in an email from someone you don't recognize.

More Symantec™ info on Drive-by pharming

 

© Asystematics, 1992- 2008. Other marks with permission.
