[dns-operations] "remotely changing a home router's DNS server was theoretically possible" (C|Net)

Francisco Arias farias at nic.mx
Tue Jan 22 20:28:22 UTC 2008


At 2008-01-22 16:17, Gadi Evron wrote:
>Paul Vixie wrote:
> > in <http://www.news.com/8301-10789_3-9855195-57.html> we see:
> >
> > January 22, 2008 10:19 AM PST
> > Drive-by pharming attack hits home
> > Posted by Robert Vamosi
> >
> > Whenever you type an address into an Internet browser, that address is
> > instantly resolved into the site's numerical Internet address by a DNS server
> > located somewhere in the world. On Tuesday, Symantec announced that online
> > criminals have started to remotely redirect your home network router's DNS
> > server so that whenever you type in a financial institution or other trusted
> > site, your browser will instead be redirected to a bogus or phishing Web
> > site.
> >
> > The practice, called pharming, usually attacks the DNS servers directly, but
> > this latest attack brings it all home (if you are using broadband
> > connectivity). Fortunately, the routers and institutions affected by this
> > current attack are limited to one country, Mexico, but Symantec warns that
> > word of this real-world attack could bring similar attacks elsewhere.
>
>I am unsure of what specific attack (malware?) they are talking about
>which is MX specific, but SYMC is good with PR. I am however
>increasingly concerned with the ease of compromising broadband routers.

There is a specific attack against customers of Banamex (one of the
largest Mexican banks), redirecting the bank's web page to a
forged site. The attack modifies the DNS entry on a 2Wire router,
which is fairly popular, as it is distributed by the largest Mexican
ISP (Telmex) to its customers.

I personally received some of the emails that supposedly
modify the DNS entry some weeks ago, but never tried to see if it was real.

fjac 




