With always new tricks to try criminals control over private computer to get to the accounts of the owner or eliminate spam. Now, they have identified a new target: DSL router. Security experts show concern.
“These attacks were far more of a theoretical possibility. This is no longer the case, “writes security specialist Symantec on its website. For more than a year, the attack scenarios in security circles discussed when they would be exploited, it was only a matter of time.
In this specific case, the customers of a Mexican bank target of the attack. The criminals sent e-mails with a bogus link. If the user the link called, so he changed the attitudes of its Internet DSL router. The result: who after a successful attack, the website of a specific bank called, was henceforth on the server of the criminals diverted. The attackers were the secret account information of unsuspecting victims reads. How many users were affected, Symantec is not known – were threatened but only the users of a certain type of router, particularly in Mexico is widespread.
Security systems can not graspThis type of attack is very clever: Almost every owner of a broadband connection, a router at home. It is connected to the DSL or cable modem, making the switch between its own PC and the Internet. Actually increase the router security while surfing – have built firewalls are suspected connections from the user’s computer away. In principle, but the router is a small computer that is programmed to be totally free.That’s what the attacker advantage: They manipulate the router, but leave the PC user alone. Since work on the machine itself did not change, anti-virus software does not alarm. Other security measures run into the void, as all actions of criminals completely suspects appear for the computer, it seems as if the user changed the settings themselves. Then, the computer duped, that the normal banking site visits. Only by the use of security certificates, as they are as different in Germany than in Latin America are used, we can create a Manipulation notice. But even this hurdle is for criminals to overcome duration.
New technology poses dangers
In the case of the Mexican attack, the attacker particularly easy: the type used router was unsecured – for the change in the Internet Options was not even a password needed. But in recent years, many attack scenarios become known, which is also a bypass password protection.
Especially the “Universal Plug and Play” makes the experts worry. This feature allows devices such as game consoles and set-top boxes, so it’s easy an Internet connection. Criminals, they can also use it to the router under their control.
Secure Password
“When you Universal Plug and Play is not really needed, it should be the function of the router off,” advises Candidat Symantec . As an additional security measure suggests that the security expert, the password of the router to change. “Criminals can use small programs try to guess the password. If the router is the same password as used for the purchase, the attackers did it very easily. Often, the devices are only slightly with passwords such as “admin” or “monitor”. Who is not sure if your router has been manipulated, if the unit to the factory defaults.
That is Like really Terrorist action,what goes on here global.
