Drive-by pharming - Owns "Your" Routers

Discussion in 'other security issues & news' started by Hermescomputers, Jan 24, 2008.

Thread Status:
Not open for further replies.
  1. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Drive-by pharming: This attack is an exploit that targets your router if you leave it configured with the default password. All you need to be infected is to visit a web page with the exploit and just like that they "own" your router!

    Here's an article about it:
    Drive-by pharming: this nasty attack technique looks significant
    http://www.infoweek.ca/index.php?pa...flypage&product_id=1518&option=com_virtuemart

    Bottom Line: Change the default router password on your device today!
     
  2. tlu

    tlu Guest

    A little more detailed article here.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    Looks like it takes quite a bit to actually launch something like this:

    - Get convinced to visit a site
    - Get convinced to click somewhere
    - Must have JavaScript enabled in the browser
    - Must have UPnP enabled in the router
    - Must have the router password set to the default

    Looks like a lot ...

    Mrk
     
  4. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Actually, it's nothing really...
    I would estimate that on most service visits we do for first-time customers, the routers are turned on with wireless enabled, but the default password is usually what is in the machine, and most have WEP disabled as they find it too difficult to configure... never mind WPA, or UPnP, or anything else.

    I have seen routers configured with a static DMZ to a PC without a firewall or antivirus so the idiot could access "His Accounting Software" from the office...

    If you think it takes much to get anyone to visit a web site... well, e-mail phishing and other miscellaneous types of social engineering efforts are much too easy to even begin to explain here...

    The proof is in the numbers anyway... If it were so difficult it would be a rarity; unfortunately I get some type or another my way almost daily...
     
  5. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    It doesn't take much time for this to happen; probably most users who buy their first router are trapped by such a trick. And why do so many routers use Java/JavaScript as the language? Bad choice, imo.
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?

    I think too many users are purchasing routers as an alternative to learning network and security concepts. They are really nice for us doing consulting, as they greatly simplify setting up small LANs with Internet access, but I think they have a tendency to provide a false sense of safety and they tend to make us lazy...
     
  7. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    Can you recommend a book or site to learn network and security concepts? This UPnP is not the same as that mentioned by Steve Gibson at http://www.grc.com/UnPnP/UnPnP.htm, is it?

    Is it OK to disable this in my router? I am on a home LAN behind a firewalled router and have Comodo Firewall on my PC. Going slightly off topic, I wondered if we are overzealous with security. I turned off my PC firewall last week and forgot to turn it on, but still got a stealth reading from GRC ShieldsUP.
     
  8. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Well, the router (which is a bit of a wrong name for these devices, as they are gateways, not routers in the real sense) is not necessary at all in most environments I have seen them used in. For example, the firewall built into most routers is inferior to, say, the Comodo firewall, as this firewall is far more feature-rich and is probably better all around. Basically you do not need 2 firewalls protecting your PC where they both would do the same thing. This is why you can turn off the firewall on your PC and still pass the tests at GRC, for example, as the router firewall is still working and protecting your computer...

    As for UPnP, it is similar to the one built into Windows in that it allows devices to self-detect and configure each other without user intervention. The one in your router is designed to interface with other network devices and do a similar task, but network-centric instead of device configuration... Disabling UPnP in your "home" router will have no impact and is OK. This feature is mostly used on corporate LANs where multiple devices need to talk to each other to automate device/network synchronization.

    And to answer your question more fully:
    http://www.sans.org/resources/malwarefaq/win_upnp.php

    As for books on security you can check out http://www.sans.org/ (A better resource than most books)
     
    Last edited: Feb 26, 2008
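    The advice above (disable UPnP on a home router and change the default password) is easy to apply but rarely verified afterwards. The following script is an added example written for this thread, not code from the forum or from any router vendor: it sends a standard SSDP discovery request (the same multicast query media players and Windows itself use) on the local LAN and reports any device that announces itself as a UPnP InternetGatewayDevice. A router with UPnP actually disabled should not answer. The parser is kept separate from the socket code so it can be checked against a constructed reply; the `192.168.1.1` address, `rootDesc.xml` path and `ExampleOS` server string in that sample are placeholders, not values from any real product.

```python
"""Verify that the LAN gateway no longer answers UPnP (SSDP) discovery.

Added example for the thread above; not from the forum or a vendor.
Sends an SSDP M-SEARCH to 239.255.255.250:1900 and collects replies.
"""
import socket
from typing import Dict, List

SSDP_GROUP = ("239.255.255.250", 1900)

# Standard SSDP discovery request, asking specifically for Internet gateways.
MSEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 2\r\n"
    "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    "\r\n"
)

# Constructed sample reply (placeholder address, path and server string),
# used to check the parser without a network.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:placeholder-uuid::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"SERVER: ExampleOS/1.0 UPnP/1.0\r\n"
    b"\r\n"
)


def parse_ssdp_response(raw: bytes) -> Dict[str, str]:
    """Parse an HTTP-style SSDP reply into a dict of lower-cased header names.

    Returns an empty dict for anything that is not a '200 OK' unicast reply,
    so unsolicited NOTIFY traffic on the socket is ignored.
    """
    text = raw.decode("utf-8", errors="replace")
    lines = text.split("\r\n")
    if not lines or not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def is_gateway_device(headers: Dict[str, str]) -> bool:
    """True when the responder advertises itself as a UPnP Internet gateway."""
    return "internetgatewaydevice" in headers.get("st", "").lower()


def discover_upnp(timeout: float = 2.0) -> List[Dict[str, str]]:
    """Broadcast one M-SEARCH and return parsed replies received before timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    found: List[Dict[str, str]] = []
    try:
        sock.sendto(MSEARCH.encode("ascii"), SSDP_GROUP)
        while True:
            data, addr = sock.recvfrom(4096)
            headers = parse_ssdp_response(data)
            if headers:
                headers["_from"] = addr[0]  # responder IP, for the report
                found.append(headers)
    except socket.timeout:
        pass  # normal end of the listening window
    finally:
        sock.close()
    return found


if __name__ == "__main__":
    responders = discover_upnp()
    gateways = [h for h in responders if is_gateway_device(h)]
    if not gateways:
        print("No UPnP Internet gateway answered: UPnP appears to be disabled.")
    for h in gateways:
        print(f"UPnP gateway still answering from {h['_from']}: "
              f"server={h.get('server', '?')} location={h.get('location', '?')}")
```

    Run it from a machine on the same LAN segment as the router after turning UPnP off in the admin interface; a gateway that still shows up in the output has not actually applied the setting. Other UPnP devices (media servers, printers) may answer the multicast too, which is why the report filters on the InternetGatewayDevice search target rather than on any reply at all.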
  9. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    Mine is a modem/router and also is my gateway, I think.

    OK Thanks ;)
     