Drive-By Pharming In the Wild

An anonymous reader writes "Symantec reported Tuesday that the first case of drive-by pharming, in which a hacker changes the DNS settings on a customer's broadband router or wireless access point and directs the link to a fraudulent Web site, has been observed in the wild. The first drive-by pharming attack has been observed against a Mexican bank: 'It's associated with an e-mail pretending to be from a legitimate Spanish-language e-greeting card company, Gusanito.com,' says Symantec Security Response principal researcher Zulfikar Ramzan. Inside the e-mail is an HTML image tag but instead of displaying images, it sends a request to the home router to tamper with it."

Gusanito??

[Roadmaster]

Dude, gusanito means literally "little worm"; I personally would never open an email saying "hey, you got a postcard from a little worm!". I don't know who would...

Fankly, I'm suprised

[Itninja]

...that this doesn't happen more often. I can drive through Seattle (and presumably any large city) with my laptop running a wireless network sniffer. After about 10 blocks, I could easily get into no less than 25 wireless routers. They are all configured with the default credentials. Of course, I don't. Sometimes, when it's a law firm, government agency, or some other organization with tons of [other peoples] personal information, I will even call them up and let them know about it, as a courtesy. They usually tell me to take a hike. Then I can show up at their door offering my services as a 'security consultant' (for $200/hr). 'Look here' I say. 'Look how I am easily changing the settings in your router.'. That's usually about the time they wet their $400 slacks and write me a check.

Re:Fankly, I'm suprised

[canUbeleiveIT]

...that this doesn't happen more often. I can drive through Seattle (and presumably any large city) with my laptop running a wireless network sniffer. After about 10 blocks, I could easily get into no less than 25 wireless routers. They are all configured with the default credentials. Of course, I don't. Sometimes, when it's a law firm, government agency, or some other organization with tons of [other peoples] personal information, I will even call them up and let them know about it, as a courtesy. They usually tell me to take a hike. Then I can show up at their door offering my services as a 'security consultant' (for $200/hr). 'Look here' I say. 'Look how I am easily changing the settings in your router.'. That's usually about the time they wet their $400 slacks and write me a check.
--

"It's a simple question, doctor.
Would you eat the moon if it was made of ribs, or not?"

CORRECTION: Would you eat the moon if it were made of ribs, or not?

In this case, the verb "to be" is in the subjunctive mood, which is used to indicate a situation that is hypothetical, conditional or somehow not certain.

Now, this correction is just a courtesy. However, if you tell me to take a hike, I will show up at your door with A Writer's Reference by Diana Hacker, and you can scratch me out a check. Sorry, I don't know how much you paid for your pants.

Re:Fankly, I'm suprised

[canUbeleiveIT]

You don't correct the grammar of a quote, douchebag.

You do if the quote is quoted incorrectly with poor grammar, douchebag.

Pharming???

[jez9999]

Will these terrible names, which apparently attempt to draw an analogy between a computer-related misdemeanor and some agricultural pastime, never end? I'm just waiting for some guy from F-Secure to call porn 'phucking'.

Re:Definition?

[Vyse+of+Arcadia]

I dunno about anyone else, but to me it conjures up images of 90s-era Hollywood hackers. Suave guy in the driver's seat of a red car, his short, befreckled and bespectacled companion laboriously typing on a laptop while muttering things about "This is UNIX" and "His serving RAM is so unprocessed."