Drive-By Pharming

Sid Stamm, Zulfikar Ramzan and Markus Jakobsson

View Related Documents

Book Chapter
Experiences with Host-to-Host IPsec
Tuomas Aura, Michael Roe and Anish Mohammed
Lecture Notes in Computer Science, 2007, Volume 4631, Security Protocols, Pages 3-22
- Download PDF (1.1 MB)
Journal Article
Evolution of cross site request forgery attacks
Renaud Feil and Louis Nyffenegger
Journal in Computer Virology, 2008, Volume 4, Number 1, Pages 61-71
- Download PDF (599.6 KB)
Journal Article
On JavaScript Malware and related threats
Web page based attacks revisited
Martin Johns
Journal in Computer Virology, 2008, Volume 4, Number 3, Pages 161-178
- Download PDF (436.1 KB)
Book Chapter
Service Level Security in Grid Systems
Anirban Chakrabarti
2007, Grid Computing Security, Pages 105-132
- Download PDF (928.1 KB)
Book Chapter
Passive Monitoring of DNS Anomalies
(Extended Abstract)
Bojan Zdrnja, Nevil Brownlee and Duane Wessels
Lecture Notes in Computer Science, 2007, Volume 4579, Detection of Intrusions and Malware, and Vulnerability Assessment, Pages 129-139
- Download PDF (302.7 KB)
Book Chapter
Selecting Firewall Security Topology Policy
2007, Practical Internet Security, Part XIII, Pages 411-430
- Download PDF (128.2 KB)
Book Chapter
Network Perimeter Security
2009, Computer Network Security, Pages 249-275
- Download PDF (2.3 MB)
Book Chapter
Configuring Your Router
2009, Cisco Routers for the Small Business, Pages 17-55
- Download PDF (236.8 KB)
Book Chapter
Providing Wireless Network Security Solutions for ISP Intranet, Internet and E-Commerce
2006, Guide to Wireless Network Security, Part VII, Pages 683-733
- Download PDF (2.6 MB)
Book Chapter
Protecting Network Infrastructure – A New Approach
Angus Wong and Alan Yeung
2009, Network Infrastructure Security, Pages 219-262
- Download PDF (2.0 MB)

Abstract

This paper describes an attack concept termed Drive-by Pharming where an attacker sets up a web page that, when simply viewed by the victim (on a JavaScript-enabled browser), attempts to change the DNS server settings on the victim’s home broadband router. As a result, future DNS queries are resolved by a DNS server of the attacker’s choice. The attacker can direct the victim’s Internet traffic and point the victim to the attacker’s own web sites regardless of what domain the victim thinks he is actually going to, potentially leading to the compromise of the victim’s credentials. The same attack methodology can be used to make other changes to the router, like replacing its firmware. Routers could then host malicious web pages or engage in click fraud. Since the attack is mounted through viewing a web page, it does not require the attacker to have any physical proximity to the victim nor does it require the explicit download of traditional malicious software. The attack works under the reasonable assumption that the victim has not changed the default management password on their broadband router.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

Drive-By Pharming

View Related Documents

Abstract

Fulltext Preview