Broadband routers welcome drive-by hackers
JavaScript-enabled DNS chicanery
Posted in Software & Security, 15th February 2007 20:27 GMT
Still using the default password that came with that nice broadband router you installed at home? Time to get off your butt and change it: visiting the wrong website is enough to have key settings changed on the most popular models.
Symantec warns attackers can employ a simple piece of JavaScript to modify a router's domain name server (DNS) settings. Once the router is rebooted, a rogue DNS server will send the victim to spoofed websites with malicious intent.
That could unleash all kinds of new phishing expeditions, Symantec says. For example, the new DNS server could direct a request for bankofamerica.com or Microsoft's update site to fraudulent sites that steal login details or install back doors.
A proof of concept works with popular models made by Linksys, D-Link and Netgear, but only if they use the default password. Hence, the attack can be thwarted by setting a new password that's not easy to guess.
As with many of the recently discovered browser-related vulnerabilities, attacks also require JavaScript to be enabled. Running a program such as the NoScript extension to Firefox is also a safeguard in these cases. ®