The theory is now a reality. Symantec reported Tuesday that drive-by pharming, in which a hacker changes the DNS settings on a customer’s broadband router or wireless access point and directs the link to a fraudulent Web site, has been observed in the wild.

[To understand the basics of pharming, see CSO’s ABCs of Phishing and Pharming.]

The first drive-by pharming attack has been observed against a Mexican bank: “It’s associated with an e-mail pretending to be from a legitimate Spanish-language e-greeting card company, Gusanito.com,” says Symantec Security Response principal researcher Zulfikar Ramzan. Inside the e-mail is an HTML image tag but instead of displaying images, it sends a request to the home router to tamper with it.

In the e-mail evidence Symantec has examined, the code seeks to change 2Wire DSL routers to point the user’s Web browser to a fraudulent bank site that mimics the site of one of the largest Mexican banks. Ramzan declined to name the specific bank.

“So, whenever you’d want to go to the bank site, instead of the real one, you’d get the attacker’s fake site,” he says. For the home PC user, the danger is that this drive-by pharming attack is “so silent and there’s only subtle telltale signs that it’s occurring,” he adds.

A white paper last year from Symantec and the Indiana University School of Informatics coined the term. At the time the researchers detailed the JavaScript-based security threat and said such an attack could hit up to 50% of home broadband users.

Drive-by pharming can occur because home router equipment is often left configured with default log-in and password information and never changed. “The attacks know what the defaults are,” Ramzan says. The simplest defense is to make sure home routers of any type have the default password settings changed.

Corporate routers are not typically seen to be as vulnerable to drive-by pharming “because they tend to be managed better,” he says.
Ramzan added he expected the drive-by pharming attack to accelerate as online attackers move beyond traditional e-mail phishing into newer methods.

By Ellen Messmer, Network World
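The e-mail described above relies on an HTML tag that is fetched automatically and points at the recipient's own router. As an added example (not code from Symantec or from the article), a mail filter could flag such references like this; the tag list, the LAN name suffixes and the sample message are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose URL attribute is fetched automatically when the message renders.
AUTO_FETCH = {"img": "src", "script": "src", "iframe": "src",
              "embed": "src", "link": "href", "body": "background"}
# Assumption: name suffixes typical of devices on a home LAN.
LOCAL_SUFFIXES = (".lan", ".local", ".home")

def is_internal_host(host):
    """True for private, loopback or link-local IPs and LAN-style names."""
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        pass  # not an IP literal, fall through to the hostname checks
    host = host.lower().rstrip(".")
    return "." not in host or host.endswith(LOCAL_SUFFIXES)

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (tag, host, has_query); a query hints at a settings request
    def handle_starttag(self, tag, attrs):
        wanted = AUTO_FETCH.get(tag)
        for name, value in attrs:
            if name != wanted or not value:
                continue
            try:
                parts = urlsplit(value.strip())
            except ValueError:
                continue  # malformed URL, nothing to resolve
            if parts.scheme in ("http", "https", "") and is_internal_host(parts.hostname):
                self.hits.append((tag, parts.hostname, bool(parts.query)))

def scan_email_html(html):
    """Return auto-loaded references that point at the recipient's own network."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    return collector.hits

# Constructed sample: one remote image, one reference to a private address.
SAMPLE = ('<html><body><p>You have received an e-card!</p>'
          '<img src="https://cards.example.com/banner.png">'
          '<img src="http://192.168.1.1/placeholder-page?placeholder=1">'
          '</body></html>')
```

A hit on a message from an outside sender is a strong signal, since legitimate mail has no reason to load content from the reader's local network.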