'Bank raid' risk for web users

February 20, 2007

| Submit Comments | Comments (12) | Previous | Next

MILLIONS of internet users could unwittingly give their bank account details to criminals via a new scam.

Up to half of home broadband customers may be susceptible to a type of attack known as 'drive-by pharming', experts warn.

Simply by viewing a rogue website, without downloading any software, they could be targeted.

Visiting the site activates a system that re-routes the user away from his normal server. Without realising it, victims are connected to a new server, controlled by criminals, who can direct them anywhere they like on the net.

Next time they log on to look at their bank account or pay a bill, the new server directs them to a replica site which could be an exact copy of the real one.

The victim's user name and password can then be stolen, allowing the attacker to access the `real' bank site and rob the account.

Broadband routers employ different systems and not all are vulnerable to drive-by pharming.

But experts say up to 50 per cent of popular wireless routers could be at risk because they are so easy to access.

Software specialist Dr Zulfikar Ramzan said: "The attacker will try to get you to go to his website.

Gossip

"It might be a new video of Britney Spears with her bald head, gossip, celebrity pictures or pornography. All you have to do is look at it. They say curiosity killed the cat - now it may also kill your bank account."

It is not known whether anyone has yet fallen victim to `drive-by pharming', but Dr Ramzan said he felt it essential to warn people.

The scam involves the use of a JavaScript code to change the settings of a user's home broadband route, which provides the link with the server.

One way to guard against it was to change the default internal password used by the router, said Dr Ramzan.

Users should be wary of clicking on links or sites that seem in any way suspicious, he said.

He added: "We're working night and day to find ways of defending against these threats.

"You have to keep one step ahead and be able to react quickly."

Existing security solutions that only protect a user's home computer system cannot prevent attacks such as drive-by pharming.

His US firm is looking at new systems that can monitor the behaviour of a program and spot when it is acting strangely.

"That could enable us to counter threats we haven't even seen yet, but the problem is how to prevent it being triggered by legitimate activity," he said.

Expert Prof Markus Jakobsson said the dangers highlighted the human Achilles heel in internet security.

He added: "To a large extent, it's a social threat, with people being tricked to install things or de-activate countermeasures. It's becoming much more sophisticated and prevalent - and it's becoming much more of a complex threat."

| Submit Comments | Comments (12) | Previous | Next

Showing comments 1 to 12 and replies | View All

D Moriarty, Long Beach, CA (20/02/2007 at 17:33)

KEY element in story -- ALL you've got to do to protect yourself is change the default password in your router -- which your router instructions TELL YOU TO DO in no uncertain terms.

It's sad that, apparently, experts estimate as many as half of users don't do that.

But it's THEIR stupidity or sloth...

J Chavez, Long Beach (20/02/2007 at 17:40)

Another alternative for users is to download the popular HotSpot Shield from Anchorfree.com. I use this product whether I'm at home on my personal network or using a public hotspot. This FREE security product will create a private tunnel between the user and the router preventing drive-by pharming attacks and other threats. I highly recommend that people download this resource.

Chad, US (20/02/2007 at 17:46)

I love how the solution is burried in the story. Everything else is just trying to cause scare. typical reporting, I guess.

Brian Croner, Santa Ana, CA (20/02/2007 at 17:47)

You know what? As long as people generally don't know as much as the cybercriminals who prey upon them, the crooks will always be two steps ahead. The power of computers allows for their versatility. This versatility empowers criminals to find their opportunities to screw people over. There needs to be a completely new software network architecture for security to actually work.

think!, Albany NY (20/02/2007 at 17:48)

Change the password! Make it complex (include numbers and letter, upper and lower case, at least 5 or 6 characters, etc.). Write it down and lock it away!

bringiton, US (20/02/2007 at 18:25)

Nice that Manchester Evening News website bypasses Firefox's popup blocker and loads third-party websites without any user consent. Glad to know that Manchester Evening News is 100% certain that none of their advertisers utilize drive-by hacking exploits, as it would be a pity to see them be held legally liable for facilitating such an attack...

Nicholas Kulkarni Dip.Comp(open), Kings Lynn (20/02/2007 at 18:56)

I run a small computer services company and have already seen host file and lsp redirect attacks on my customers pc's

Drive by pharming attacks are growing in number, variety and frequency. However more worrying are the root kit based variants and they are almost impossible for the average user to detect reliably

schafee, Quebec,Canada (20/02/2007 at 18:57)

I read this and I was wondering, does this only vulnerable for people with Broadband ? or os it also for dial in modem ?
I agree, constantly changing the log in data is important, Please inform if you know the answer. Thanks, schafee

Nicholas Kulkarni Dip.Comp(open), Kings Lynn (20/02/2007 at 18:59)

having checked your website with lower security settings I agree with the other comments your advertising and popups are invites to drive by pharming

I think your web server needs a little look at. I hope its me that does the probe and not a black hat hacker or you could be party to some nasty tricks

Ivan Hubscher, Chicago, United States of America (20/02/2007 at 19:09)

The only solution is to make laws defining viruses, worms, trojans and other undesireable scripts as "Cyberterrorism". Then to apply anti terrorism laws to "Cyberterrorism".

In addition, all countries must agree to hunt down, persecute and prosecute cyberterrorists. If any country declines to enforce this international law then any other country would be able to bypass their soveriegnty to capture cyberterrorists protected by a recalcitrant government.

I would bet that the execution of six to 10 cyberterrorists would dramatically reduce the cyber threats of all kinds.

IMH

Tony, Phoenix (20/02/2007 at 19:30)

As long as people are ignorant enough to think all they have to do is turn their machine on... we will have these problems.

It astounds me how many people flatly refuse to learn anything about what they're doing with their computers.

Andrew Turvey, Nottingham, England (21/02/2007 at 13:46)

The only way of dealing with this threat is the same as any other criminal threat - better detection and more prosecutions. At the moment scammers know they will never be caught - the police response is wholly inadequate. Technical fixes will never be a solution.

()

Report

News