Security

Pharming Attack Targets Home Router DNS Settings

msm1267 (2804139) writes Pharming attacks are generally network-based intrusions where the ultimate goal is to redirect a victim's web traffic to a hacker-controlled webserver, usually through a malicious modification of DNS settings. Some of these attacks, however, are starting to move to the web and have their beginnings with a spam or phishing email. Proofpoint reported on the latest iteration of this attack, based in Brazil. The campaign was carried out during a five-week period starting in December when Proofpoint spotted phishing messages, fewer than 100, sent to customers of one of the country's largest telecommunications companies.
  • Word Overloading: (Score:4, Informative)

    by Hartree ( 191324 ) on Sunday March 01, 2015 @01:02PM (#49159013)

    In the life sciences, "Pharming" is using genetically engineered animals, like goats, to produce proteins or other substances, (especially those with pharmaceutical applications).

    Example: Genetically engineered goats that produce spider silk proteins in their milk that can then be extracted from it.

    see: http://www.bbc.com/news/scienc... [bbc.com]

    (Warning, possible auto-play)

  • Passwords again... (Score:5, Insightful)

    by houstonbofh ( 602064 ) on Sunday March 01, 2015 @01:04PM (#49159021)
    "They also try to brute force the admin page for the router using known default username-password combinations."

    About time to force manufacturers to not have "default" passwords. If 2wire can do it on their amazingly cheap crap, so can others.
  • by msobkow ( 48369 ) on Sunday March 01, 2015 @01:04PM (#49159023) Homepage Journal

    At the beginning of last week, I saw a number of fake emails "returned" to my ISP email account. A day or two later, I received a phishing email requesting me to change my password for that email account.

    Today, someone tried the same thing for my Microsoft account.

    It's more creative than usual, but it is still just a phishing attack, and you can easily spot it by the fake URLs in the phishing emails.

    • by Qzukk ( 229616 )

      The problem is that if they manage to get your DNS settings changed, they can use real URLs in the phishing emails.

    • by tlhIngan ( 30335 )

      At the beginning of last week, I saw a number of fake emails "returned" to my ISP email account. A day or two later, I received a phishing email requesting me to change my password for that email account.

      Today, someone tried the same thing for my Microsoft account.

      It's more creative than usual, but it is still just a phishing attack, and you can easily spot it by the fake URLs in the phishing emails.

      Actually, the first is a standard joe-job where they fake the From address. Obviously your ISP isn't using SP

      • by msobkow ( 48369 )

        Ah, yes, my ISP with over 25 years experience servicing hundreds of thousands of customers with over five million email addresses clearly doesn't know what they're doing.

        It couldn't possibly be that the people behind the phishing attacks are custom-crafting the address chains in the fake "delivery failure" messages. Oh, no, it's clearly my ISP at fault because this is the only time this has happened in over 15 years of using them.

        I sure hope you aren't responsible for securing anything more important

  • Not even (Score:5, Insightful)

    by Billly Gates ( 198444 ) on Sunday March 01, 2015 @01:05PM (#49159029) Journal

    Just compromise an adserver with a Flash exploit and you can 0wn tens of thousands within hours.

    Whoever thought to run executables on random websites was a good idea? More proof adblock not user education is needed for security. Gone are the days of not clicking meant secure

  • by Anonymous Coward

    "Pharming attacks are ..." yet another stupid buzzword that some guy with a marketing degree thought was cute. For fuck's sake, just call it what it is, traffic redirection, or perhaps traffic hijacking. Everyone will understand just fine. "Pharming" (or farming) doesn't even make any sense in this context. If you insist on coming up with a new name for everything, I heard The Weather Channel is hiring.

    • by arth1 ( 260657 )

      Incidentally, I thought this feeble exploit attempt was called "pharming" just so the author could feel justified in calling the next and bigger one "pharmageddon".

      I'm personally glad for all these fishing attacks and exploits relying on a human element. With the lack of other predation lately, they're sorely needed to cull the human genome. Presumably enough idiots will lose enough on this that it allows for a mild selection for those with more sense.

    • "Phishing" actually makes a bit of sense, as in an attempt to snare victims with a false lure of sorts, such as a phony website. "Spear phishing" is a logical extension of this, a very directed phishing attack made at a particular company, or even a specific person, used to gain corporate access. I thought those were sort of clever, and gave us an accurate way to describe those very common attacks.

      This one... yeah, not so much.

      According to Wikipedia:

      The term "pharming" has been controversial within the field. At a conference organized by the Anti-Phishing Working Group, Phillip Hallam-Baker denounced the term as "a marketing neologism designed to convince banks to buy a new set of security services". Scott Chasin, a former CTO of McAfee and founder of email security firm MX Logic, coined the term in 2005.

      Let's just call it what it is: a specific type of phishi

    • Totally.

  • by Guy From V ( 1453391 ) on Sunday March 01, 2015 @02:35PM (#49159449) Homepage

    Just make sure your hosts file isn't populated with a random bunch of known security software vendors' names like eset, trendmicro, kaspersky, avira or some shit with a loopback to your local before them. I've seen some really screwed up hostfiles on my friends' PCs that look like that. I just trash them in favor of one of the well-known complete hostfiles that some dudes keep updating around the web ...I forget the names of the websites and authors...so...y'know...this advice is a big help lol. I'm sure someone remembers on here...
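
The hosts-file check suggested in the last comment above, as an added example that is not part of the original thread: it parses hosts-file text and reports security-vendor hostnames pinned to a loopback or unspecified address. The domain list is an assumption derived from the vendor names in that comment, and the sample file is constructed.

```python
import ipaddress

# Assumption: domains derived from the vendor names mentioned in the comment.
VENDOR_DOMAINS = ("eset.com", "trendmicro.com", "kaspersky.com", "avira.com")


def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP address at all, so not a hosts entry we care about
    return ip.is_loopback or ip.is_unspecified


def find_blocked_vendors(hosts_text, domains=VENDOR_DOMAINS):
    """Return (line_no, address, hostname) for each vendor host pinned to a sinkhole."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        # Drop trailing comments, then split into address + one or more names.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            # Match the domain itself or any subdomain, but not lookalike suffixes.
            if any(host == d or host.endswith("." + d) for d in domains):
                findings.append((line_no, fields[0], host))
    return findings


# Constructed sample hosts file (not taken from any real machine).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost ip6-localhost
# 127.0.0.1 www.avira.com   (commented out, ignored)
127.0.0.1 www.eset.com update.eset.com
0.0.0.0 Kaspersky.com.   # trailing dot and mixed case
192.0.2.10 downloads.trendmicro.com
127.0.0.1 noteset.com
"""

if __name__ == "__main__":
    for line_no, addr, host in find_blocked_vendors(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

To check a real machine, pass in the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`; entries that pin a vendor name to a non-loopback address are outside this check's scope.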
