WHID 2008-05: Drive-by Pharming in the Wild

Symantec reported an active exploit of CSRF against residential ADSL routers in Mexico (WHID 2008-05). An e-mail with a malicious IMG tag was sent to victims. By accessing the image in the mail, the user initiated a router command to changethe DNS entry of a leading Mexican bank, making any subsequent access by a user to the bank go through the attacker's server.

Additional information:

• Drive-by Pharming in the Wild [Symantec, Jan 22 2008]
• Symantec reports first active attack on a DSL router [Heise, Jan 24 2008]
• Client Side Web Server Hacking [WHID Blog, Jan 28 2008]