Slashdot Mirror


Drive-By Pharming In the Wild

An anonymous reader writes "Symantec reported Tuesday that the first case of drive-by pharming, in which a hacker changes the DNS settings on a customer's broadband router or wireless access point and directs the link to a fraudulent Web site, has been observed in the wild. The first drive-by pharming attack has been observed against a Mexican bank: 'It's associated with an e-mail pretending to be from a legitimate Spanish-language e-greeting card company, Gusanito.com,' says Symantec Security Response principal researcher Zulfikar Ramzan. Inside the e-mail is an HTML image tag but instead of displaying images, it sends a request to the home router to tamper with it."
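A mail-filter check for the pattern described in the summary, written as an added example (not from Symantec or the original story): it flags auto-loading tags in an HTML e-mail whose URL points at a private, loopback or link-local address or at a single-label host name. The sample message, its router address, and its path and parameter names are constructed placeholders.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs that a mail client or browser fetches without a click.
AUTO_FETCH = {("img", "src"), ("script", "src"), ("iframe", "src"),
              ("link", "href"), ("body", "background")}

def is_internal_host(host):
    """True for private/loopback/link-local IP literals and single-label names."""
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        # Not an IP literal: a name with no dot (e.g. "router") only
        # resolves on the recipient's local network.
        return "." not in host

class InternalFetchFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, host, has_query_string)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            url = urlsplit(value.strip())
            if url.scheme in ("http", "https") and is_internal_host(url.hostname):
                self.findings.append((tag, url.hostname, bool(url.query)))

def find_internal_fetches(html):
    """Return every auto-fetched URL in the message that targets the local network."""
    finder = InternalFetchFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample message: one normal remote image, one "image" aimed at a
# typical home-router address, and a plain link that is not fetched automatically.
SAMPLE_EMAIL = """<html><body>
<p>You have received an e-greeting card!</p>
<img src="https://cards.example.com/banner.png">
<img src="http://192.168.1.1/example-path?example_param=value" width="1" height="1">
<a href="http://192.168.1.1/">router</a>
</body></html>"""

if __name__ == "__main__":
    for tag, host, has_query in find_internal_fetches(SAMPLE_EMAIL):
        print(f"<{tag}> fetches internal host {host} (query string: {has_query})")
```

A hit that also carries a query string is the stronger signal, since a genuine image reference has no reason to pass parameters to a device on the recipient's LAN.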

10 of 205 comments

  1. Cold War Redux by explosivejared · · Score: 2, Funny

    Only this time it's between Mexican scammers and Nigerian ones. For years Nigerian scammers have exercised hegemony in the arena, but now Mexican scammers have upped the ante with this "pharming gap." This can only lead to a scams arms race with other nations as proxies and victims of the complex maneuvering of the two camps. As a helpless American I don't know how long I can stand being the plaything of two foreign powers duking it out for hegemony.

    By the way I'm rooting for the Nigerians in this grand campaign, at least their scams provide a laugh once in a while.

    --
    I got a catholic block.
  2. Gusanito?? by Roadmaster · · Score: 3, Funny

    Dude, gusanito means literally "little worm"; I personally would never open an email saying "hey, you got a postcard from a little worm!". I don't know who would...

  3. Fankly, I'm suprised by Itninja · · Score: 3, Funny

    ...that this doesn't happen more often. I can drive through Seattle (and presumably any large city) with my laptop running a wireless network sniffer. After about 10 blocks, I could easily get into no less than 25 wireless routers. They are all configured with the default credentials. Of course, I don't. Sometimes, when it's a law firm, government agency, or some other organization with tons of [other people's] personal information, I will even call them up and let them know about it, as a courtesy. They usually tell me to take a hike. Then I can show up at their door offering my services as a 'security consultant' (for $200/hr). 'Look here,' I say. 'Look how I am easily changing the settings in your router.' That's usually about the time they wet their $400 slacks and write me a check.

    --
    I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    1. Re:Fankly, I'm suprised by canUbeleiveIT · · Score: 4, Funny

      ...that this doesn't happen more often. I can drive through Seattle (and presumably any large city) with my laptop running a wireless network sniffer. After about 10 blocks, I could easily get into no less than 25 wireless routers. They are all configured with the default credentials. Of course, I don't. Sometimes, when it's a law firm, government agency, or some other organization with tons of [other people's] personal information, I will even call them up and let them know about it, as a courtesy. They usually tell me to take a hike. Then I can show up at their door offering my services as a 'security consultant' (for $200/hr). 'Look here,' I say. 'Look how I am easily changing the settings in your router.' That's usually about the time they wet their $400 slacks and write me a check.
      --

      "It's a simple question, doctor.
      Would you eat the moon if it was made of ribs, or not?"

      CORRECTION: Would you eat the moon if it were made of ribs, or not?

      In this case, the verb "to be" is in the subjunctive mood, which is used to indicate a situation that is hypothetical, conditional or somehow not certain.

      Now, this correction is just a courtesy. However, if you tell me to take a hike, I will show up at your door with A Writer's Reference by Diana Hacker, and you can scratch me out a check. Sorry, I don't know how much you paid for your pants.
    2. Re:Fankly, I'm suprised by canUbeleiveIT · · Score: 3, Funny

      You don't correct the grammar of a quote, douchebag.

      You do if the quote is quoted incorrectly with poor grammar, douchebag.

  4. Pharming??? by jez9999 · · Score: 5, Funny

    Will these terrible names, which apparently attempt to draw an analogy between a computer-related misdemeanor and some agricultural pastime, never end? I'm just waiting for some guy from F-Secure to call porn 'phucking'.

  5. Re:Pfft by WhatAmIDoingHere · · Score: 2, Funny

    So your router contains stuff you don't ever want to lose? Not quite the best idea.

    Also, the A in RAID stands for Array. RAID Array is like ATM Machine or PIN Number.

    --
    Not a Twitter sockpuppet... but I wish I was.
  6. Re:Definition? by Vyse+of+Arcadia · · Score: 3, Funny

    I dunno about anyone else, but to me it conjures up images of 90s-era Hollywood hackers. Suave guy in the driver's seat of a red car, his short, befreckled and bespectacled companion laboriously typing on a laptop while muttering things about "This is UNIX" and "His serving RAM is so unprocessed."

  7. Re:Pfft by edittard · · Score: 2, Funny

    If that's the delay between posts, it's more of a craptrickle.

    --
    At the bottom of the /. main page it says 'Yesterday's News'. Well they got that right.
  8. Re:Definition? by Anonymous Coward · · Score: 1, Funny
    I've got more ethics than that. Calm down bro

    I'd guess that the chances of someone having developed a strong sense of ethics and also using the word bro are pretty small.