Broadband routers welcome drive-by hackers
JavaScript-enabled DNS chicanery
Posted in Software & Security, 15th February 2007 20:27 GMT
Still using the default password that came with that nice broadband router you installed at home? Time to get off your butt and change it: visiting the wrong website is enough to have key settings changed on the most popular models.
Symantec warns that attackers can employ a simple piece of JavaScript to modify a router's domain name server (DNS) settings. Once the router is rebooted, a rogue DNS server will send the victim to spoofed websites with malicious intent.
That could unleash all kinds of new phishing expeditions, Symantec says. For example, the rogue DNS server could route a request for bankofamerica.com or Microsoft's update site to fraudulent sites that steal login details or install back doors.
A proof of concept works with popular models made by Linksys, D-Link and Netgear, but only if they use the default password. Hence, the attack can be thwarted by setting a new password that's not easy to guess.
As with many of the recently discovered browser-related vulnerabilities, the attack also requires JavaScript to be enabled. Running a script blocker such as the NoScript extension for Firefox is therefore a further safeguard in these cases. ®