Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pharming Attack Targets Home Router DNS Settings

Posted by samzenpus on from the protect-ya-neck dept.

msm1267 (2804139) writes Pharming attacks are generally network-based intrusions where the ultimate goal is to redirect a victim's web traffic to a hacker-controlled webserver, usually through a malicious modification of DNS settings. Some of these attacks, however, are starting to move to the web and have their beginnings with a spam or phishing email. Proofpoint reported on the latest iteration of this attack, based in Brazil. The campaign was carried out during a five-week period starting in December when Proofpoint spotted phishing messages, fewer than 100, sent to customers of one of the country's largest telecommunications companies.

6 of 39 comments (clear)

  1. Word Overloading: by Hartree · · Score: 3, Informative

    In the life sciences, "Pharming" is using genetically engineered animals, like goats, to produce proteins or other substances, (especially those with pharmaceutical applications).

    Example: Genetically engineered goats that produce spider silk proteins in their milk that can then be extracted from it.

    see: http://www.bbc.com/news/scienc...

    (Warning, possible auto-play)

  2. Passwords again... by houstonbofh · · Score: 5, Insightful

    "They also try to brute force the admin page for the router using known default username-password combinations."

    About time to force manufactures to not have "default" passwords. If 2wire can do it on their amazingly cheap crap, so can others.

  3. Sounds a lot like what I saw last week by msobkow · · Score: 4, Informative

    At the beginning of last week, I saw a number of fake emails "returned" to my ISP email account. A day or two later, I received a phishing email requesting me to change my password for that email account.

    Today, someone tried the same thing for my Microsoft account.

    It's more creative than usual, but it is still just a phishing attack, and you can easily spot it by the fake URLs in the phishing emails.

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:Sounds a lot like what I saw last week by Qzukk · · Score: 2

      The problem is that if they manage to get your DNS settings changed, they can use real URLs in the phishing emails.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  4. Not even by Billly+Gates · · Score: 4, Insightful

    Just Compromise an adserver with A flash exploit and You Can 0wn Tens Of thousands within hours.

    Whoever thought to run executables on random websites was a good idea? More proof adblock not user education is needed for security. Gone are the days of not clicking meant secure

    --
    http://saveie6.com/
  5. Check HOSTS For Security Vendors by Guy+From+V · · Score: 2, Interesting

    Just make sure your hosts file isn't populated with a random bunch of known security software vendors' names like eset, trendmicro, kaspersky, avira or some shit with a loopback to your local before them. I've seen some really screwed up hostfiles on my friends' PCs that look like that. I just trash them in favor of one of the well-known complete hostfiles that some dudes keep updating around the web ...I forget the names of the websites and authors...so...y'know...this advice is a big help lol. I'm sure someone remembers on here...