Drive-by pharming

With drive-by pharming attack on Home is router called. A combination of JavaScript and Java applets enables access to the web interface of an individual router as soon as a user accesses such a prepared page. This changes the DNS server in the router and it is possible to lead the user to a fraudulent site. It is a variant of pharming , which in turn is a further development of phishing .

Drive-by pharming only works if the user has not changed the router's standard password . The change is only noticed when the user accesses the router's web interface . B. notices the homepage of his bank or makes changes in the router. As a protective measure, it is sufficient for the owner of the router to change the router's default password and use a secure password. Another possibility is to prevent the execution of JavaScript in the browser with additional programs such as NoScript and, if necessary, to enable it only selectively: Although the blanket suppression of JavaScript prevents the full functionality of the majority of Internet pages, many of them can still be displayed to a sufficient extent.

Web links

• Danger for home routers at Heise.de
• Drive-by pharming in blog from Symantec ( English )
• XSLSA: Attacks on SOHO routers (PDF, 660 kB) at www.yanux.ch