Web users facing new online threat

Experts warn of 'drive-by pharming' attacks

20 February 2007

 

Millions of broadband users are potentially at risk from a newly identified network threat that could allow criminals to prey on curious web surfers.

Up to 50 per cent of home broadband customers may be susceptible to a type of attack known as ‘drive-by pharming’, experts warn.

Simply by viewing a rogue website, without downloading any software, they could unwittingly allow their bank accounts to be targeted.

Visiting the site activates a system that re-routes the user away from his or her normal server. Without realising it, victims are connected to a new server, controlled by criminals, who can direct them anywhere they like on the internet.

Identity theft

Next time they log onto their bank, to look at their account or pay a bill, the new server directs them to a replica bank site which could be an exact copy of the real one.

The victim's user name and password can then be stolen, allowing the attacker to access the ‘real’ bank site and rob the account of funds.

Broadband routers employ different systems and not all are vulnerable to drive-by pharming.

But the experts say up to 50 per cent of popular wireless routers could be at risk because they are so easy to access.

Dr Zulfikar Ramzan, from the software company Symantec, said experts trying to keep one step ahead of the cyber-scammers had only just become aware of the threat.

Cyber scammers

Speaking at the annual meeting of the American Association for the Advancement of Science in San Francisco, he said: ‘The attacker will try to get you to go to his website.

‘It might be a new video of Britney Spears with her bald head; gossip, celebrity pictures, or pornography. All you have to do is look at it. They say curiosity killed the cat; now it may also kill your bank account.’

It is not known whether anyone has yet fallen victim to ‘drive-by pharming’, but Dr Ramzan said he felt it was essential to warn people of the threat.

Drive-by pharming involves the use of JavaScript code to change the settings of a user's home broadband router, which provides the link with the server.

One way to guard against drive-by pharming was to change the default internal password used by the router, said Dr Ramzan.

Existing security solutions that only protect a user's home computer system cannot prevent attacks such as drive-by pharming.

Symantec is looking at new systems that can monitor the behaviour of a program and spot when it is acting strangely.

© The Press Association, All rights reserved.