Web users face new threat targeting bank details

13 April 2012

Millions of broadband users are potentially at risk from a newly identified network threat that could allow criminals to prey on curious web surfers.

Up to 50 per cent of home broadband customers may be susceptible to a type of attack known as 'drive-by pharming', experts warn.

Simply by viewing a rogue website, without downloading any software, they could unwittingly allow their bank accounts to be targeted.

Visiting the site activates a system that re-routes the user away from his or her normal server. Without realising it, victims are connected to a new server, controlled by criminals, who can direct them anywhere they like on the internet.

Next time they log onto their bank, to look at their account or pay a bill, the new server directs them to a replica bank site which could be an exact copy of the real one.

The victim's user name and password can then be stolen, allowing the attacker to access the 'real' bank site and rob the account of funds.

Broadband routers employ different systems and not all are vulnerable to drive-by pharming.

But the experts say up to 50 per cent of popular wireless routers could be at risk because they are so easy to access.

Dr Zulfikar Ramzan, from California-based software company Symantec, said experts trying to keep one step ahead of the cyber-scammers had only just become aware of the threat.

Speaking at the annual meeting of the American Association for the Advancement of Science in San Francisco, he said: "The attacker will try to get you to go to his website.

"It might be a new video of Britney Spears with her bald head; gossip, celebrity pictures, or pornography. All you have to do is look at it. They say curiosity killed the cat; now it may also kill your bank account."

It is not known whether anyone has yet fallen victim to 'drive-by pharming', but Dr Ramzan said he felt it was essential to warn people of the threat.

Drive-by pharming involves the use of JavaScript code to change the settings of a user's home broadband router, which provides the link with the server.

One way to guard against drive-by pharming was to change the default internal password used by the router, said Dr Ramzan.

Users should be wary of clicking on links or sites that seem in any way suspicious, he said.

He added: "We're literally working night and day to find ways of defending against these threats. You have to keep one step ahead and be able to react quickly."

Existing security solutions that only protect a user's home computer system cannot prevent attacks such as drive-by pharming.

Symantec is looking at new systems that can monitor the behaviour of a program and spot when it is acting strangely.

"That could enable us to counter threats we haven't even seen yet, but the problem is how to prevent it being triggered by legitimate activity," said Dr Ramzan.

Professor Markus Jakobsson, from Indiana University School of Informatics in Bloomington, said dangers such as drive-by pharming highlighted the human Achilles heel in internet security.

"To a large extent it's a social threat, people being tricked to install things or de-activate countermeasures," he told the meeting.

"It's becoming much more sophisticated and prevalent and it's becoming much more of a complex threat.

"When it becomes a social threat as well, it doesn't matter what kind of protection you have, you could be at risk anyway."
