Drive-by pharming attacks seen in the wild

The first drive-by pharming attacks have been spotted in the wild, researchers said this week.


The first drive-by pharming attacks have been spotted in the wild, researchers said this week.

The attack can use malicious HTML or JavaScript code placed within an email or on a webpage to infect a PC, according to researchers at Symantec Security Response.

The malicious code changes the victimized PC's DNS server settings, referring all requests to the attacker's server, researcher Zulfikar Ramzan said on the Security Response blog on Tuesday.

Ramzan, who discussed proof-of-concept drive-by pharming on the blog about a year ago, said that Symantec had found an in-the-wild variant posing as an e-card with a malicious IMG tag. The malware modified DNS settings to redirect traffic to a different – and likely malicious – webpage.

“Given the simplicity of the attack, and the potential widespread implications, we always felt that it would simply be a matter of time before it happened,” said Ramzan. “The building blocks have been out there for some time, and anyone with sufficient familiarity could easily put them together. I've said before, and I'd like to reiterate, that the technical details of the attack are not nearly as noteworthy as the potential widespread implications.”

The scheme requires a malware author to guess the victim's administrative password – not a difficult task since many end-users employ a default or are not aware a password even exists, according to Ramzan.
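Added example (not from the article or from Symantec): a mail-filter check in Python that flags HTML whose automatically fetched IMG, IFRAME or SCRIPT sources point at private, loopback or link-local addresses, the hidden-IMG pattern the e-card lure relies on to reach the home router. The sample e-card, router address and path are constructed placeholders.

```python
# Added example (not Symantec's code): flag HTML mail whose auto-fetched
# resources point at private or loopback addresses, the hidden-IMG pattern
# the e-card lure uses to reach the home router. Sample is constructed.
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

RESOURCE_ATTRS = {"img": "src", "iframe": "src", "script": "src"}


class ResourceCollector(HTMLParser):
    """Collect every URL a mail client would fetch on render."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        want = RESOURCE_ATTRS.get(tag.lower())
        if not want:
            return
        for name, value in attrs:
            if name.lower() == want and value:
                self.urls.append(value.strip())


def host_is_internal(host):
    """True for IP literals in private/loopback/link-local space, including
    the bare-integer form (3232235777 == 192.168.1.1) used to dodge filters."""
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        try:
            ip = ipaddress.ip_address(int(host, 0))
        except (ValueError, OverflowError):
            return False  # ordinary hostname; cannot classify offline
    return ip.is_private or ip.is_loopback or ip.is_link_local


def find_internal_fetches(html):
    """Return the auto-fetched URLs in html that target internal addresses."""
    collector = ResourceCollector()
    collector.feed(html)
    return [u for u in collector.urls if host_is_internal(urlsplit(u).hostname)]


# Constructed e-card: one visible picture plus two 1x1 pixels aimed at a router.
ECARD = """<html><body><p>You have received an e-card!</p>
<img src="http://ecards.example/card123.jpg" width="400">
<img src="http://192.168.1.1/placeholder-admin-page" width="1" height="1">
<img src="http://3232235777/placeholder" width="1" height="1">
</body></html>"""
```

Running `find_internal_fetches(ECARD)` returns the two 1x1 pixel URLs and ignores the visible picture hosted on a public name.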

Symantec advised end-users to choose complicated passwords and reset the router. End-users who believe they are victims should change their website passwords.

See original article on scmagazineus.com
Copyright © SC Magazine, US edition