The Symantec Security Response team, in conjunction with the Indiana University School of Informatics, has warned home broadband users that a new attack technique, which the researchers have coined ‘drive-by pharming’, could be heading their way.
Pharming itself is nothing new, of course: it is the practice of redirecting users from a legitimate website to a counterfeit one that harvests their data or serves malware, usually by manipulating a DNS server or by having malware alter the victim’s hosts file. Where drive-by pharming differs is that simply visiting a rogue web page can trigger a change to the DNS settings of the visitor’s own broadband router or wireless access point: script on the page sends requests to the router’s administrative interface on the local network, authenticating with the manufacturer’s default password, and the browser obligingly delivers them. Indiana University estimates that as many as half of all home broadband users could be exposed, because routers are so often left in their factory state with the default administrative password unchanged. The implications are serious: once the router hands out an attacker-controlled DNS server, requests for e-commerce and banking websites can be silently diverted to look-alike sites built to steal credentials, a combination known as ‘phish pharming’.
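To make the mechanism concrete, here is an added simulation of the attack and of the router-side fixes that defeat it. It is not code from Symantec or Indiana University and models no particular product: the gateway address 192.168.1.1, the admin path /dns, the parameter names, the default credentials admin/admin and the resolver addresses are all assumptions chosen for illustration. The vulnerable router accepts a DNS change on any authenticated GET, which is exactly what a rogue page can provoke with a tag such as `<img src="http://admin:admin@192.168.1.1/dns?primary=...">`; the hardened version refuses to run with the default password, accepts changes only via POST with a per-session CSRF token, and rejects requests whose Origin or Referer is not the router itself.

```python
"""Simulation of drive-by pharming against a home router's admin interface.
Added example; not code from Symantec or Indiana University. All addresses,
paths, parameter names and credentials are assumptions for illustration."""
import base64
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ROUTER_LAN_IP = "192.168.1.1"   # assumed gateway address
ISP_DNS = "203.0.113.53"        # assumed legitimate resolver (TEST-NET-3 range)
ROGUE_DNS = "198.51.100.66"     # assumed attacker-controlled resolver (TEST-NET-2 range)


@dataclass
class Request:
    """Minimal model of an HTTP request the victim's browser sends to the router."""
    method: str
    path: str
    params: dict
    headers: dict = field(default_factory=dict)


def basic_auth(user: str, password: str) -> str:
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def drive_by_request(user: str = "admin", password: str = "admin") -> Request:
    """The request a rogue page causes a visitor's browser to send to the
    visitor's own router. The credentials come from the URL the page embeds;
    the page never needs to see the router's reply."""
    return Request(
        method="GET",
        path="/dns",
        params={"primary": ROGUE_DNS},
        headers={"Authorization": basic_auth(user, password),
                 "Origin": "http://rogue.example",
                 "Referer": "http://rogue.example/"},
    )


def admin_request(password: str, csrf_token: str, new_dns: str) -> Request:
    """What the router's own settings page submits when the owner changes DNS."""
    return Request(
        method="POST",
        path="/dns",
        params={"primary": new_dns, "csrf_token": csrf_token},
        headers={"Authorization": basic_auth("admin", password),
                 "Origin": f"http://{ROUTER_LAN_IP}"},
    )


class VulnerableRouter:
    """Factory-default router: default password, DNS settable via GET,
    no CSRF token and no check of where the request came from."""
    def __init__(self) -> None:
        self.password = "admin"
        self.dns = ISP_DNS

    def handle(self, req: Request) -> int:
        if req.headers.get("Authorization") != basic_auth("admin", self.password):
            return 401
        if req.path == "/dns" and "primary" in req.params:
            self.dns = req.params["primary"]   # the drive-by lands here
            return 200
        return 404


class HardenedRouter:
    """Same router with the mitigations that stop the drive-by."""
    DEFAULT_PASSWORD = "admin"

    def __init__(self, password: str) -> None:
        if password == self.DEFAULT_PASSWORD:
            raise ValueError("setup must replace the default password")
        self.password = password
        self.dns = ISP_DNS
        self.csrf_token = None   # issued when the owner loads the settings page

    def issue_csrf_token(self) -> str:
        self.csrf_token = secrets.token_hex(16)
        return self.csrf_token

    def handle(self, req: Request) -> int:
        if req.headers.get("Authorization") != basic_auth("admin", self.password):
            return 401
        # A rogue page's request carries a foreign Origin/Referer; refuse it.
        origin = req.headers.get("Origin") or req.headers.get("Referer", "")
        if urlsplit(origin).netloc != ROUTER_LAN_IP:
            return 403
        if req.path != "/dns":
            return 404
        if req.method != "POST":
            return 405           # no state change on GET, so <img>/<script> tags cannot trigger it
        token = req.params.get("csrf_token")
        if not (token and self.csrf_token and secrets.compare_digest(token, self.csrf_token)):
            return 403
        if "primary" not in req.params:
            return 400
        self.dns = req.params["primary"]
        return 200


def demo() -> dict:
    """Run the drive-by against both routers and return (status, resulting DNS)."""
    results = {}
    vuln = VulnerableRouter()
    results["vulnerable"] = (vuln.handle(drive_by_request()), vuln.dns)
    strong_pw = "7Xq!m2vLpR"   # assumed owner-chosen password
    hard = HardenedRouter(password=strong_pw)
    results["hardened_default_creds"] = (hard.handle(drive_by_request()), hard.dns)
    results["hardened_guessed_password"] = (hard.handle(drive_by_request("admin", strong_pw)), hard.dns)
    token = hard.issue_csrf_token()
    results["hardened_legit_change"] = (hard.handle(admin_request(strong_pw, token, "203.0.113.54")), hard.dns)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: status={outcome[0]} dns={outcome[1]}")
```

The three hardened checks are deliberately independent: the non-default password alone stops the attack as described by the researchers, but a password that is guessed or leaked still leaves a router that accepts cross-site GETs open, so the CSRF token and the origin check are what remove the class of bug. Note also that current browsers refuse to send credentials embedded in a subresource URL, which blunts the `user:pass@host` delivery shown here, but it does nothing against a router that simply does not require authentication for the DNS change.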