Dubbed "drive-by pharming" by Symantec Corp. and university researchers who first publicized the danger in a paper, the attack involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites. Once they are at those sites, their identities could be stolen or malware could be force-fed to their computers.Cisco advises its users to change the default username and password required to access the router's configuration settings, and disable the router's HTTP server feature.
In an advisory posted Thursday, Cisco listed 77 vulnerable routers in the lines sold to small offices, home offices, branch offices and telecommuters. The advisory recommended that users change the default username and password required to access the router's configuration settings, and disable the device's HTTP server feature.
The paper, co-written by a Symantec researcher and two other researchers from Indiana University, urged a similar move by router owners.
77 Cisco routers vulnerable to drive-by pharming
Posted on Thursday, February 22 2007 @ 1:20 CET by Thomas De Maesschalck