
Pharming: Drive-by Pharming in the Wild

by Shanmuga

"We recently saw instances of actual attackers attempting a basic version of drive-by pharming. Given the simplicity of the attack and the potential widespread implications, we always felt that it would simply be a matter of time before it happened. The building blocks have been out there for some time and anyone with sufficient familiarity could easily put them together. I’ve said before and I’d like to reiterate that the technical details of the attack are not nearly as noteworthy as the potential widespread implications.

In one real-life variant that we observed, the attackers embedded the malicious code inside an email that claimed it had an e-card waiting for you at the Web site Unfortunately the email also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site." – Content courtesy of Symantec Security Response Weblog: Drive-by Pharming in the Wild
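The delivery described in the quote, an auto-loading tag in an HTML email that points at the reader's own router, is something a mail filter can look for. The following is an added example, not code from Symantec or from this site: it flags auto-fetched resources whose host is a private, loopback or link-local address. The router hostnames, the sample email and its placeholder URL are constructed assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs a mail client or browser fetches without any click.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("script", "src"),
              ("link", "href"), ("body", "background"), ("input", "src")}
# Names often bound to a home router's admin interface (assumed list).
ROUTER_NAMES = {"router", "gateway", "localhost"}
# Constructed sample: one ordinary remote image, one request aimed at a LAN address.
SAMPLE_EMAIL = """<html><body>
<p>You have an e-card waiting for you!</p>
<img src="https://cards.example/banner.png">
<img src="http://192.168.1.1/PLACEHOLDER_ADMIN_PATH?setting=value" width="1">
</body></html>"""

def is_internal_host(host):
    # True for private, loopback or link-local IP literals and known router names.
    host = (host or "").lower()
    if host in ROUTER_NAMES:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # an ordinary DNS name, not an IP literal
    return ip.is_private or ip.is_loopback or ip.is_link_local

class InternalFetchFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            try:
                url = urlsplit(value.strip())
            except ValueError:
                continue  # malformed URL, nothing fetchable to inspect
            if url.scheme in ("http", "https") and is_internal_host(url.hostname):
                # A query string on such a request suggests a state-changing GET.
                self.findings.append({"tag": tag, "url": value,
                                      "has_query": bool(url.query)})

def scan_email_html(html):
    finder = InternalFetchFinder()
    finder.feed(html)
    return finder.findings
```

A hit is a reason to quarantine the message or strip the tag before delivery. On the router side, changing the default admin password and keeping firmware current reduces what such a request can change.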
