This article is more than 1 year old
Broadband routers welcome drive-by hackers
JavaScript-enabled DNS chicanery
Still using the default password that came with that nice broadband router you installed at home? Time to get off your butt and change it: visiting the wrong website is enough to have key settings changed on the most popular models.
Symantec warns attackers can employ a simple piece of JavaScript to modify a router's domain name server settings. Once the router is rebooted, a rogue DNS will send the victim to spoofed websites with malicious intent.
That could unleash all kinds of new phishing expeditions, Symantec says. For example, the new DNS could route a request for bankofamerica.com or Microsoft's update site to fraudulent sites that steal login details or install back doors.
A proof of concept works with popular models made by Linksys, D-Link and Netgear, but only if they use the default password. Hence, the attack can be thwarted by setting a new password that's not easy to guess.
As with many of the recently discovered browser-related vulnerabilities, attacks also require JavaScript to be enabled. Running a program such as the NoScript extension to Firefox is also a safeguard in these cases. ®
Biting the hand that feeds IT
