Cisco: 77 Routers Vulnerable to New Drive-By Pharming Attack

Cisco has posted a Security Response on its Web site that describes the 77 routers vulnerable to a new form of attack. Researchers at security company Symantec first warned users about the new type of attack last week, calling for all users (both home and commercial) to change the default user name and password on their routers if they hadn't already done so. Symantec's Zulfikar Ramzan posted an online warning in which he coined a name for the attack: drive-by pharming. He also wrote the following on the company's Security Response Weblog: "I believe this attack has serious widespread implications and affects many millions of users worldwide. Fortunately, this attack is easy to defend against, as well."

Mike Caudill, incident manager at Cisco, says he doesn't have an estimate on how many users change the default user name and password, but adds that it's probably a significant number. He notes that drive-by pharming mostly affects smaller routers used in homes and small- and medium-sized businesses, because the larger enterprise-level routers come with a configuration tool that automatically calls for the default user name and password to be changed during setup. Once the attackers get into the router, they have control over it, allowing them to direct users and their browsers to whatever Web sites they choose.

News source: InformationWeek

2 Comments

Half the wireless APs in my building still have the default ESSID, and I wouldn't be at all surprised if all of them still have the default password too. When they first started appearing, a number of them didn't have any encryption on them either.

Unfortunately, people are wilfully naïve with technology. And when you start trying to explain "drive-by pharming" to them (who comes up with this stuff?) they close their ears and go "lalala I can't hear you". It's pathological.

This was basically already talked about a few days ago... about the vulnerability about routers with default passwords a week or so ago on Neowin.