Symantec warns of router compromise

By Tom Espiner
Special to CNET News.com Published: January 24, 2008 9:10 AM PST

Tools

Related Stories: Secunia: CA backup product 'inherently insecure'
January 16, 2008; If you thought 'Security '07' was hairy, just wait
January 3, 2008; Year in review: Botnet gains, Web 2.0 pains
December 31, 2007; Symantec: Virtualization can ease data center woes
October 31, 2007; Symantec, Microsoft cooperate on security
October 23, 2007
Related Blogs: Two old-time tech companies ripe for picking?
News Blog
January 17, 2008; Symantec releases online cyber-security quiz
Geek Gestalt
January 8, 2008

Security company Symantec has warned of an attack involving the subversion of routers.

The security company said this was the first time it had seen such an attack "in the wild," although the concept had been discussed a year ago by Symantec researchers, according to a Symantec blog post.

In the attack, which targeted users of an undisclosed Mexican bank, the intended victims received a spam e-mail claiming they had received an e-card, directing them to gusanto.com, a Spanish-language e-card site. However, the e-mail also had embedded HTML image tags that contained an HTTP get-request to the router to change its Domain Name System settings, according to Symantec's U.K. manager of quality assurance, Thomas Parsons.

The HTTP get-request redirects traffic flowing over the router to a specific IP address when the user attempts to access six domain names that are banking-related. Symantec requested that ZDNet UK not publish the IP address.

The attack is made possible by a cross-site scripting vulnerability in routers made by broadband-equipment company 2Wire that was reported in August last year, according to Symantec. Parsons said this was "a simple hack" and advised small to medium-size businesses to change default security settings on routers and educate users about clicking on suspicious links.

Tom Espiner of ZDNet UK reported from London.

More from News.com on this story's topics: Security threats
Create an email alert | RSS feed; Flaws
RSS feed; Routing/switching
Create an email alert | RSS feed

See more CNET content tagged:
2Wire, e-card, router, Symantec Corp., XSS

Add a Comment (Log in or register) 2 comments (Page 1 of 1)

No surprise
by alegr January 24, 2008 11:45 AM PST: GET request is used to change settings in a popular router design by certain company whose name starts with 'C' and ends with 't'. The sad thing is that the product managers were warned about that four years ago.
Any webpage can issue GET request to your router, with arbitrary arguments, that's it. Should have used POST.; Reply to this comment View reply
Processing

RSS Feeds: Add headlines from CNET News.com to your homepage or feedreader.; Google; Yahoo; MSN; More feeds available in our RSS feed index.

Latest tech news headlines

Pondering Microsoft's 'Everett Dirkson moment'
Posted in Coop's Corner by Charles Cooper

July 18, 2008 4:39 PM PDT
Motorola sues iPhone sales executive over trade secrets
Posted in News - Wireless by Tom Krazit

July 18, 2008 4:17 PM PDT
Blogging and bringing home the bacon
Posted in News - Digital Media by Stefanie Olsen

July 18, 2008 3:57 PM PDT

Most Popular Stories: High notes from a low-profile E3; Torvalds attacks IT industry 'security circus'; Mozilla updates Firefox with three security patches; Photos: Game on at E3; Mom continues to chase Prince over 'fair use'

Markets: Dow Jones Industrials (0.44%) 49.91 11,496.57; S&P 500 (0.03%) 0.36 1,260.68; NASDAQ (-1.28%) -29.52 2,282.78; CNET TECH (-1.23%) -19.76 1,584.59

Welcome (log out) |View profile

On MovieTome: TRANSFORMERS 2 SPOILERS!

Laptops from $399! TigerDirect.com

Symantec warns of router compromise

Security threats

Flaws

Routing/switching

Report offensive content:

E-mail this comment to a friend.

Latest tech news headlines