Cisco has posted a Security Response on its Web site that describes the 77 routers vulnerable to a new form of attack. Researchers at security company Symantec first warned users about the new type of attack last week, calling for all users (both home and commercial) to change the default user name and password on their routers if they hadn't already done so. Symantec's Zulfikar Ramzan posted an online warning in which he coined a name for the attack: Drive-By Pharming. He also wrote the following on the company's Security Response Weblog: "I believe this attack has serious widespread implications and affects many millions of users worldwide. Fortunately, this attack is easy to defend against, as well."
Mike Caudill, incident manager at Cisco, says he doesn't have an estimate on how many users change the default user name and password, but adds that it's probably a significant number. He notes that drive-by pharming mostly affects smaller routers used in homes and small- and medium-sized businesses, because the larger enterprise-level routers come with a configuration tool that automatically calls for the default user name and password to be changed during setup. Once the attackers get into the router, they have control over it, allowing them to direct users and their browsers to whatever Web sites they choose.
News source: InformationWeek