



Network Security Vuln-Dev

Drive-by Pharming Threat

Subject: Drive-by Pharming Threat
Date: Thu, 15 Feb 2007 13:02:46 -0800
We discovered a new potential threat that we term "Drive-by Pharming".  An 
attacker can create a web page containing a simple piece of malicious 
JavaScript code.  When the page is viewed, the code makes a login attempt into 
the user's home broadband router and attempts to change its DNS server settings 
(e.g., to point the user to an attacker-controlled DNS server).   Once the 
user's machine receives the updated DNS settings from the router (e.g., after 
the machine is rebooted), future DNS requests are made to and resolved by the 
attacker's DNS server.

The main condition for the attack to be successful is that the attacker can 
guess the router password (which can be very easy to do since these home 
routers come with a default password that is uniform, well known, and often 
never changed).  Note that the attack does not require the user to download any 
malicious software - simply viewing a web page with the malicious JavaScript 
code is enough.  

We've written proof of concept code that can successfully carry out the steps 
of the attack on Linksys, D-Link, and NETGEAR home routers.  If users change 
their home broadband router passwords to something difficult for an attacker to 
guess, they are safe from this threat. 

Additional details on the attack can be found at:  
http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html
  

Thanks,

Zulfikar Ramzan


________________________________________

Zulfikar Ramzan
Sr. Principal Security Researcher
Advanced Threat Research
Symantec Corporation
www.symantec.com
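
Added example, not part of the original post and not Symantec's proof-of-concept code: a defender-side check for the outcome described above, where a machine receives changed DNS settings from its router. It audits resolv.conf-style text against a list of expected resolvers; the sample file contents, the `EXPECTED` set, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: resolv.conf contents after a DHCP lease renewal.
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client (constructed sample)
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53   # documentation-range address standing in for a rogue resolver
nameserver fe80::1%eth0
nameserver not-an-ip
"""
# Assumption: the resolvers this network is supposed to hand out.
EXPECTED = {"192.168.1.1", "198.51.100.10"}
# RFC 1918, IPv6 unique-local and link-local ranges, i.e. "on the LAN".
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(text, expected):
    """Label each configured resolver: ok, unexpected-local, unexpected-external, malformed."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for value in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(value.split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            findings.append((value, "malformed"))
            continue
        if addr in allowed:
            verdict = "ok"
        elif any(addr in net for net in LOCAL_NETS):
            verdict = "unexpected-local"      # on-LAN but not listed: review
        else:
            verdict = "unexpected-external"   # off-network resolver: the change the post describes
        findings.append((value, verdict))
    return findings


if __name__ == "__main__":
    for value, verdict in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED):
        print(f"{verdict:20} {value}")
```

If clients use the router itself as a forwarding resolver, a change to the router's upstream DNS will not show up here; the same comparison then has to be made against the router's own DNS configuration.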

 
