Pharming: Drive-by Pharming in the Wild
January 30, 2008 by Shanmuga
Filed under Pharming
"We recently saw instances of actual attackers attempting a basic version of drive-by pharming. Given the simplicity of the attack and the potential widespread implications, we always felt that it would simply be a matter of time before it happened. The building blocks have been out there for some time and anyone with sufficient familiarity could easily put them together. I’ve said before and I’d like to reiterate that the technical details of the attack are not nearly as noteworthy as the potential widespread implications.
In one real-life variant that we observed, the attackers embedded the malicious code inside an email that claimed it had an e-card waiting for you at the Web site gusanito.com. Unfortunately the email also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site." - Content courtesy of Symantec Security Response Weblog: Drive-by Pharming in the Wild
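A defensive check for the pattern described in the quoted report, added here as an example and not taken from Symantec or the original post: it scans the HTML parts of an email for auto-loading tags (such as IMG) whose URL points at a private, loopback or link-local IP address. The function names, the tag list and the sample message (including the placeholder router path) are assumptions constructed for illustration.

```python
import ipaddress
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs that make a mail client or browser fetch a URL without a click.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("script", "src"),
              ("link", "href"), ("embed", "src"), ("input", "src")}

def internal_target(value):
    """True if value is an http(s) URL whose host is a private, loopback or link-local IP."""
    try:
        url = urlsplit(value.strip())
        ip = ipaddress.ip_address(url.hostname or "")
    except ValueError:
        return False  # malformed URL, or a hostname rather than an IP literal
    return url.scheme in ("http", "https") and (ip.is_private or ip.is_loopback or ip.is_link_local)

class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_FETCH and value and internal_target(value):
                self.hits.append((tag, value.strip()))

def scan_message(raw):
    """Return (tag, url) pairs in HTML parts that auto-load from an internal address."""
    scanner = _Scanner()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            scanner.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return scanner.hits

# Constructed sample message; the router path and query string are placeholders.
SAMPLE = """From: cards@example.test
Subject: You have an e-card
Content-Type: text/html; charset=utf-8

<html><body><p>Your card is waiting.</p>
<img src="http://192.168.1.1/PLACEHOLDER?setting=value" width="1" height="1">
<img src="https://example.test/logo.png"></body></html>
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A mail gateway or client-side filter could quarantine or strip any message for which `scan_message` returns hits, since legitimate mail has no reason to load resources from the recipient's local network.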