Drive-by Pharming - The Latest Security Threat

Researchers at the Indiana University School of Informatics, along with Symantec security experts, have predicted that pharming could take on a new dimension: the new face of pharming is “Drive-By Pharming”.


In their paper, the authors explain how broadband users are at potential risk of “Drive-By Pharming”. The broadband routers used by most net surfers come with password protection, but the research suggests that in 50% of cases the default password is never changed. Broadband routers used on a shared network are particularly susceptible to Drive-By Pharming.

Existing pharming attacks are carried out by manipulating either the hosts file on a victim’s computer or the DNS (Domain Name System). DNS servers are computers that resolve a website’s name to its corresponding IP address.

Drive-By Pharming ushers in a new strategy. If a broadband router is not password protected, or if the default password has not been changed, a deceptive web page could change the router’s settings using the default password and malicious JavaScript code.

JavaScript is a scripting language based on the concept of prototype-based programming and is mainly known for its use in websites.

Consequently, each time a DNS resolution (the process by which the IP address corresponding to a website name is determined) takes place, the hacker gets complete control over the websites visited by the user.
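A defensive check for the condition described above, as an added example that is not from the original article or the researchers' paper: it parses resolv.conf-style text and flags any resolver outside an allowlist. The sample file, the allowlist and all function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf content (documentation-range addresses).
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.66
nameserver 2001:db8::53
options edns0
"""

# Assumption: the resolvers this network is supposed to use (ISP or chosen provider).
EXPECTED_RESOLVERS = ["192.0.2.53", "2001:db8::53"]

# LAN, link-local and loopback ranges: a resolver here is a local forwarder
# (typically the router), so its upstream setting must be checked on the router itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "fc00::/7", "fe80::/10", "::1/128")]

def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines, skipping comments and junk."""
    servers = []
    for line in text.splitlines():
        parts = line.strip().split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        try:
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            servers.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
        except ValueError:
            continue  # malformed address: ignore rather than crash
    return servers

def audit_resolvers(text, expected):
    """Classify each resolver as 'expected', 'local-forwarder' or 'unexpected'."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {}
    for ip in parse_nameservers(text):
        if ip in allowed:
            report[str(ip)] = "expected"
        elif any(ip in net for net in LOCAL_NETS):
            report[str(ip)] = "local-forwarder"
        else:
            report[str(ip)] = "unexpected"
    return report

if __name__ == "__main__":
    for addr, verdict in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS).items():
        print(f"{addr:<16} {verdict}")
```

A "local-forwarder" verdict does not clear the machine: the client is asking the router, so the router's own upstream DNS setting still has to be compared against the expected resolvers in its administration page.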

Through Drive-By Pharming, a hacker can easily misdirect a user to fraudulent websites, such as counterfeit banking, email and government sites. Personal information, account numbers, usernames, passwords and credit card PIN/security numbers are then delivered directly to the attacker’s doorstep.

In effect, Drive-By Pharming would enable hackers to indulge in wholesale phishing. In individual phishing attacks, victims falsely believe they are logged on to a genuine website. In reality, attackers redirect them to spurious web pages. Large-scale phishing or pharming would allow hackers to install malicious software, in addition to freely misusing valuable information.

"Fortunately, this attack is easy to defend against," one of the paper's authors, Zulfikar Ramzan, said on his blog.

Existing security solutions on the market today cannot protect against Drive-By Pharming, since it targets the user's router directly, and the existing solutions only protect the user's computer system. Symantec's Consumer Business Unit has been actively working on technologies to help address this problem using client-side technology.

In the company's press release, Symantec Security Response recommends that users employ a multi-layered protection strategy:

* Make sure that routers are uniquely password protected. Most routers come with a default administrator password which is easy for pharmers to guess and change.

* Use an Internet security solution that combines antivirus, firewall, intrusion detection, and vulnerability protection.

* Avoid clicking on links that seem suspicious - for example, those sent to you in an email from someone you don't recognize.

"This new research exposes a problem affecting millions of broadband users worldwide. Because of the ease by which drive-by pharming attacks can be launched, it is vital that consumers adequately protect their Broad Band routers and wireless access points today," said Oliver Friedrichs, director, Symantec Security Response.
