Computer experts have identified a new risk posed to broadband users. Home broadband connections could be hijacked by cybercriminals - users are routed to bogus bank websites and personal information could then be accessible to hackers.
The technique named as "drive-by pharming" tricks users into believing they are visiting a legitimate bank's website - the user need only view the page (with malicious code) to become a victim; no clicking or downloading is required. The code is able to hack into the user's router, thus re-routing the user from his legitimate bank website to a phony one.
Zulfikar Ramzan, an expert at Symantec investigated the ease with which hackers could potentially gain access to financial information:
"All you have to do to become a victim is simply visit a web page that hosts some malicious code.
"I believe this attack has serious implications. The new threats are worrying because they are silent and invisible, making it more difficult to convey to the public. All people have to do to protect themselves is change their home router password."
Users can eliminate the risk by changing their router's password. It is estimated that around 50 per cent of people do not change the password from its default setting. Hackers will be aware that the default password is generally "admin" or "password" and use the fact to their advantage. Users are advised to change the router password from its default setting as soon as the connection is set up. You can access your router via your web browser and its web address should be in the instruction manual.
It is advised that users should only buy routers from reliable sources and ensure the packaging has not been tampered with.
Although there are no known incidences of personal theft from this means so far reported, experts are justifiably concerned enough to place the issue in the public domain.
Further information can be found at:
http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html
privacy and cookies policy