Indiana University Bloomington

Luddy School of Informatics, Computing, and Engineering

Technical Report TR641:
Drive-By Pharming

Sid Stamm, Zulfikar Ramzan, and Markus Jakobsson
(Dec 2006), 13 pages
[A derivative of TR641 (which cites 641) was published at the 9th International Conference on Information and Computer Security.]
Abstract:
Inexpensive broadband routers are a popular way for people to create an internal, and sometimes wireless, network in their homes. By purchasing such a router and plugging it in, they can have a network set up in seconds. Unfortunately, by visiting a malicious web page, a person can inadvertently open up his router for attack; settings on the router can be changed, including the DNS servers used by the members of this small, quickly erected internal network. In this paper, we describe how a web site can attack home routers from the inside and mount sophisticated pharming attacks that may result in denial of service, malware infection, or identity theft among other things. Our attacks do not exploit any vulnerabilities in the user's browser. Instead, all they require is that the browser run JavaScript and Java Applets. We also propose countermeasures to defeat this type of malware -- new methods that must be used since the traditional technique of employing client-side security software to prevent malware is not sufficient to stop our proposed attacks.

Comments: A derivative of TR641 (which cites 641) was published at the 9th International Conference on Information and Computer Security (ICICS2007) in Zhengzhou, China, December 12-15, 2007. It's in LNCS 4861 (Springer 2008), ISBN 978-3-540-77047-3, pp 495-506.

Available as: