Symantec has announced that online criminals have started to remotely change the DNS server setting of your home network router, so that whenever you type in the address of a financial institution or other trusted site, your browser is instead sent to a bogus or phishing Web site.

The practice, called pharming, usually attacks the DNS servers directly, but this latest attack brings it all home (if you are using broadband connectivity). Fortunately, the routers and institutions affected by this current attack are limited to one country, Mexico, but Symantec warns that word of this real-world attack could prompt similar attacks elsewhere…

According to a blog by Zulfikar Ramzan, a researcher at Symantec, “the attackers embedded the malicious code inside an e-mail that claimed it had an e-card waiting for you at the Web site gusanito.com. Unfortunately the e-mail also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site.”

Change the password out of the box. Change the password out of the box!
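The mechanism Ramzan describes is a classic cross-site request forgery against the router's own admin interface: one HTML image tag makes the browser issue a GET to the router, and because the router still has its factory-default password and accepts configuration changes on a plain GET, the DNS setting is overwritten. The following is an added example, not code from the original post or from Symantec, that models a toy router admin handler in Python: the vulnerable shape beside a hardened one that refuses state changes on GET, requires a same-origin `Origin` header and a per-session CSRF token, and refuses to change settings at all while the factory password is still in place. The router address `192.168.1.1`, the `/set_dns` path, the `admin`/`admin` credential and the IP addresses are all constructed for illustration and are not taken from any real product.

```python
"""Toy model of a home-router admin endpoint (added example, not the
original post's or any vendor's code). All paths, credentials and
addresses below are constructed for illustration."""
import base64
import hmac
import secrets
from dataclasses import dataclass, field

FACTORY_DEFAULT = ("admin", "admin")    # constructed factory credential
ROUTER_ORIGIN = "http://192.168.1.1"    # constructed LAN address of the router
TRUSTED_DNS = "192.0.2.53"              # constructed ISP resolver (documentation range)


@dataclass
class Request:
    method: str
    path: str
    params: dict
    headers: dict = field(default_factory=dict)


@dataclass
class RouterState:
    dns_server: str = TRUSTED_DNS
    password: str = FACTORY_DEFAULT[1]
    # Per-session anti-CSRF token; a cross-site <img> tag cannot learn it.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def make_basic(user: str, pw: str) -> str:
    """Build an HTTP Basic Authorization header value (for constructed requests)."""
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()


def basic_auth_ok(req: Request, state: RouterState) -> bool:
    """Check the Basic credentials on the request against the router password."""
    header = req.headers.get("Authorization", "")
    if not header.startswith("Basic "):
        return False
    try:
        user, _, pw = base64.b64decode(header[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    return user == FACTORY_DEFAULT[0] and hmac.compare_digest(pw, state.password)


def vulnerable_set_dns(req: Request, state: RouterState) -> tuple:
    """Vulnerable shape: any authenticated GET rewrites the DNS setting.

    The browser attaches the router credentials it holds, and with the
    factory password still set those credentials are public knowledge,
    so an <img> tag on any web page reaches this code path."""
    if req.path != "/set_dns" or not basic_auth_ok(req, state):
        return 403, "forbidden"
    state.dns_server = req.params["dns"]
    return 200, "dns updated"


def hardened_set_dns(req: Request, state: RouterState) -> tuple:
    """Hardened shape: POST only, same-origin Origin header, CSRF token,
    and no configuration changes until the factory password is replaced."""
    if req.path != "/set_dns" or not basic_auth_ok(req, state):
        return 403, "forbidden"
    if req.method != "POST":
        return 405, "method not allowed"
    if req.headers.get("Origin") != ROUTER_ORIGIN:
        return 403, "cross-origin request refused"
    if not hmac.compare_digest(req.params.get("csrf", ""), state.csrf_token):
        return 403, "missing or bad csrf token"
    if state.password == FACTORY_DEFAULT[1]:
        return 403, "change the factory password before editing settings"
    state.dns_server = req.params["dns"]
    return 200, "dns updated"


if __name__ == "__main__":
    # Constructed request of the kind an <img src=...> tag produces: GET,
    # no Origin matching the router, credentials still at factory default.
    img_get = Request("GET", "/set_dns", {"dns": "203.0.113.9"},
                      {"Authorization": make_basic(*FACTORY_DEFAULT)})
    weak, strong = RouterState(), RouterState()
    print("vulnerable:", vulnerable_set_dns(img_get, weak), weak.dns_server)
    print("hardened:  ", hardened_set_dns(img_get, strong), strong.dns_server)
```

The last check in `hardened_set_dns` is the code form of the post's advice: until the owner replaces the factory password, the router simply refuses to change settings, so a forged request that carries the well-known default gets nowhere even if every other check were bypassed.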

There is no patch for stupidity in any country.

  1. the Three-Headed Cat™ says:

    “…an e-card waiting for you at the Web site gusanito.com.”

    gusano=worm; -ito=little

    ‘Little worm’

    You can’t say they don’t have a sense of humor…

  2. SparkyOne says:

    There is an old patch being re-issued for the stupidity issue.
    230 grain hollow-point 45 cal

  3. whoami says:

    Yeah.. Given the actual quantity of people having broadband in their homes.. Some eight hundred thousand, maybe a million. But it’s the same people that use the net to get to the bank and do stuff. Pretty scary.. I actually know what it is about: Telmex, the kind of AT&T of ours, sells broadband under the name of “Prodigy Infinitum” (they bought the rights for the Prodigy name) and they install broadband modems from 2wire. Those are the affected products. Not “routers” as in WRT54G or Airport Extreme. And yes, because the attack on the modem is made from the inside, it’s easy given the stupidity of most Windows users. Fortunately I only got UNIX in my home because I have the affected product. Have to call my dad though!

  4. prophet says:

    From what I have read on various web sites, broadband connectivity is ridiculously expensive in Mexico. One of the few areas where they outprice the US.

  5. floyd says:

    Another simple security measure for most wireless routers: hide the SSID of your router.

  6. rasco says:

    #7, floyd,

    How will hiding your SSID prevent an attack like this?

    Hiding your SSID does nothing to prevent an attack from a well-informed hacker; packet sniffing software can capture a hidden SSID. This would only prevent Joe Neighbor from seeing your SSID.

  7. whoami says:

    You can get, for like $85 plus tax, unlimited local calls, something like 100 minutes of long distance and a 1024k broadband connection. I’m paying for it separately: $62 including tax for 2mbps in, 256k out, plus landline rent. Includes wifi access to thousands of access points in the republic, plus free roaming on AT&T and T-Mobile spots throughout the US.
