IT Management Begins With Security
SecurityProNews > News > Security News > Clicking A Link Gets More Dangerous
Search:
[ news_security_news ]

Clicking A Link Gets More Dangerous



David Utter
Staff Writer
2007-02-15

SecurityProNews: News RSS Feed Security News RSS Feed


The developers who built a proof of concept they call Drive-By Pharming said that by simply viewing the malicious web page would trigger major changes in someone's home broadband router or wireless access point.

Researcher Zulfikar Ramzan from Symantec, and Sid Stamm & Markus Jakobsson of the Indiana University School of Informatics, released a paper on Drive-By Pharming in December 2006. Its purpose was to illustrate the danger of not changing a default password in one's crucial piece of Internet connectivity, the router or wireless access point.

Through JavaScript hosted on a malicious web page, an attacker can alter a router with a default password in place so that it performs DNS lookups through the attacker's machine.

This way, the attacker can direct the web browser to any sites he wants. Since these criminals want to profit on their efforts, this could mean being redirected to spoofed bank, credit card, or other sites. From there personal information would be stolen and probably put to misuse immediately.

"I believe this attack has serious widespread implications and affects many millions of users worldwide," said Ramzan. "Fortunately, this attack is easy to defend against as well."

The ease of the attack is the greater concern. Due to the regular practice of having JavaScript enabled in a web browser to properly view many websites, most browsers enable this router-grabbing attack to take place.

People continue to demonstrate that they will click on unfamiliar links in messages, no matter about the identity of the sender. If those users haven't taken the step to change the router's default password, it's only a matter of time before someone reconstructs Ramzan's attack and turns it loose online.

---
Tag:

Add to Del.icio.us | Digg | Reddit | Furl

Get all the SecurityProNews updates:




About the Author:
David Utter is a business and technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.

More news_security_news Articles

SecurityProNews: News RSS Feed Security News RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - 1998-2008 All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds