Drive-by pharming poses a risk to up to 50% of home users

A new threat called drive-by pharming has been identified, ZDNet UK reports.

A security firm has warned that drive-by pharming, in which a cyberattacker takes control of a user’s home router, could allow a malicious attacker to steal a user’s bank details. Anyone who hadn’t changed the default password on their router would be at risk, the security firm claimed.

To execute a drive-by pharming attack, a malicious hacker would have to create a Web page that contained specially crafted JavaScript code. If a user who visited the page had enabled automatic running of JavaScript, then this code would attempt to change the settings in their router. If the router had no password or was still using the default password it shipped with, then the JavaScript would send the router a string to change the domain name system (DNS) settings on the router.

By changing the router’s DNS settings, the JavaScript would point the router at a DNS server that was run by the attackers themselves. This would allow them to serve fake versions of banking sites, which would appear to be totally genuine and would have a completely genuine URL.
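Because the URL stays genuine, the tampering only shows up in what the resolver returns. The following check is an added example, not part of the original report: it compares answers from the router-assigned resolver with answers from an independently configured reference resolver. All names, addresses and the same-/24 tolerance for CDN variation are constructed assumptions, and it handles IPv4 only.

```python
import ipaddress

# Constructed sample data (documentation ranges, RFC 5737 / RFC 2606).
# REFERENCE: answers from a resolver configured independently of the router.
# LOCAL: answers for the same names from the router-assigned resolver.
REFERENCE = {
    "bank.example": {"192.0.2.10", "192.0.2.11"},
    "mail.example": {"198.51.100.5"},
    "cdn.example": {"198.51.100.40", "198.51.100.41"},
}
LOCAL = {
    "bank.example": {"203.0.113.66"},   # unrelated network
    "mail.example": {"198.51.100.5"},   # identical answer
    "cdn.example": {"198.51.100.77"},   # different host, same /24
}


def same_network(ref_addr, local_addr, prefix=24):
    """True if local_addr falls in the /prefix network around ref_addr."""
    net = ipaddress.ip_network(f"{ref_addr}/{prefix}", strict=False)
    return ipaddress.ip_address(local_addr) in net


def classify(local, reference, prefix=24):
    """Label one name: match, near (CDN-style variation), mismatch, no-answer."""
    if not local:
        return "no-answer"
    if local & reference:
        return "match"
    if any(same_network(r, l, prefix) for r in reference for l in local):
        return "near"
    return "mismatch"


def audit(local_answers, reference_answers, prefix=24):
    """Classify every name that the reference resolver knows about."""
    return {
        name: classify(local_answers.get(name, set()), ref, prefix)
        for name, ref in reference_answers.items()
    }


def suspicious(report):
    """Names whose local answer shares nothing with the reference answer."""
    return sorted(name for name, verdict in report.items() if verdict == "mismatch")


if __name__ == "__main__":
    print(suspicious(audit(LOCAL, REFERENCE)))
```

A single mismatch can still be legitimate geographic DNS variation, so treat the result as a prompt to inspect the router's configured DNS servers rather than as proof of compromise.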

“All you have to do to become a victim is simply visit the Web page that hosts this malicious code. You don’t have to click OK on any dialogue boxes or accidentally download and install malicious software,” an expert said.

Experts have calculated that up to 50% of home users could be at risk.