NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0046 Drive-by Web attacks could hit home routers:

Researchers at Symantec and Indiana University say it is possible to take over many home wireless routers using malicious JavaScript code. For the attack to work, the victim would first have to visit a malicious web site that served up the JavaScript. Second, the victim's router would have to still use the default password that it's pre-configured with out of the box. In tests, the researchers were able to do things like change firmware and redirect a D-Link Systems DI-524 wireless router to look up Web sites from a DNS (Domain Name System) server of their choosing. "By visiting a malicious web page, a person can inadvertently open up his router for attack," the researchers write. "A Web site can attack home routers from the inside and mount sophisticated attacks that may result in denial of service, malware infection, or identity theft." Once the router has been compromised, victims can be redirected to fraudulent web sites, the researchers say.

(http://www.computerworld.com.au 15FEB07)

Last Modified: Saturday, 17-Feb-2007 08:37:24 EST