Symantec warns of router compromise

Security company says it has seen an attack using a cross-site scripting flaw in 2Wire DNS routers.

By Tom Espiner
Special to CNET News.com

Published: January 24, 2008, 9:10 AM PST

Story Tools

TalkBack E-mail Print del.icio.us Digg this

Security company Symantec has warned of an attack involving the subversion of routers.

The security company said this was the first time it had seen such an attack "in the wild," although the concept had been discussed a year ago by Symantec researchers, according to a Symantec blog post.

In the attack, which targeted users of an undisclosed Mexican bank, the intended victims received a spam e-mail claiming they had received an e-card, directing them to gusanto.com, a Spanish-language e-card site. However, the e-mail also had embedded HTML image tags that contained an HTTP get-request to the router to change its Domain Name System settings, according to Symantec's U.K. manager of quality assurance, Thomas Parsons.

The HTTP get-request redirects traffic flowing over the router to a specific IP address when the user attempts to access six domain names that are banking-related. Symantec requested that ZDNet UK not publish the IP address.

The attack is made possible by a cross-site scripting vulnerability in routers made by broadband-equipment company 2Wire that was reported in August last year, according to Symantec. Parsons said this was "a simple hack" and advised small to medium-size businesses to change default security settings on routers and educate users about clicking on suspicious links.

Tom Espiner of ZDNet UK reported from London.

More from News.com on this story's topics

2 comments
Post a comment

TalkBack

No surprise

alegr
Jan 24, 2008, 11:45 AM PST

Images: Adobe Photoshop Express finally arrives

New Web-based application for editing, organizing, and sharing images is free, and an account includes 2GB of storage.
View this gallery.

Related news

Secunia: CA backup product 'inherently insecure'
January 16, 2008

Security Bites Podcast: When Web apps attack

If you thought 'Security '07' was hairy, just wait
Perspective, January 3, 2008
Year in review: Botnet gains, Web 2.0 pains
Special report, December 31, 2007
Symantec: Virtualization can ease data center woes
October 31, 2007
Symantec, Microsoft cooperate on security
October 23, 2007

Related videos

Watch more videos >

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!