With the spirit of mirthful holiday merrymaking in the air these days, you can't resist the urge to have a little Purim fun of your own. But how? You're too old for costume wearing, and there are only so many hamentaschen you can eat.
Instead, you might be tempted to run a little Purim practical joke - say, logging into your neighbor's wireless router and changing a few settings, and maybe even trying to log on to their actual computers and read their e-mail - you know, innocent stuff like that. It's really not all that difficult - in fact, in many cases, it's downright easy!
With this kind of attack, just typing http://www.yourbank.com into your browser will lead you not to your bank, but to a phony Web page that looks just like your bank's, cached on the phony DNS server. When you try to log onto the site with your name and password, you can basically kiss your cash goodbye! And the worst part is, you won't even know you've been hoodwinked until it's too late.
How does the JavaScript program get into your router? Easy. According to Symantec statistics, over half of users don't bother changing the default password on their mass-marketed home routers (Netgear, Linksys, etc.). The JavaScript tries combinations of default names/passwords - like admin/admin, admin/password, etc. - and is able to log onto the router, changing settings and scripts for the benefit of the bad guys.
The "drive-by" part of this pharming scam refers to users who surf to a random site from which this JavaScript routine is loaded onto your computer. But it also works when you just drive by the houses in your neighborhood and seek out unprotected wireless networks - or, in some cases, a password "protected" network, if the password is a standard or weak one. In the case of the "drive-by" invasion, you have to surf to a specific site to be infected with the rogue JavaScript. But in a neighborhood drive-by invasion, getting proactive - by changing the default settings on your router - is the only way to protect yourself.
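The default-settings check recommended above, as an added example that is not part of the original column: a Python audit over a router's settings. The settings dictionary layout, the SSID model-number heuristic and the sample addresses are assumptions made for illustration; the credential pairs are the ones named in this article.

```python
import ipaddress
import re

# Values taken from the article; extend with your own vendor's defaults.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password")}
WEAK_PASSWORDS = {"", "1234", "abcd", "admin", "password"}
GENERIC_SSIDS = {"default"}
# Heuristic (assumption): letters+digits looks like a model number, e.g. "rta1025w".
MODEL_LIKE_SSID = re.compile(r"^[a-z]{2,6}-?\d{3,5}[a-z]{0,3}$", re.IGNORECASE)


def audit_router(settings, expected_dns):
    """Return a list of findings for a dict of router settings (hypothetical schema)."""
    findings = []
    user = settings.get("admin_user", "").lower()
    password = settings.get("admin_password", "")
    if (user, password.lower()) in DEFAULT_CREDENTIALS:
        findings.append("admin login is a factory default")
    elif password.lower() in WEAK_PASSWORDS:
        findings.append("admin password is weak")

    ssid = settings.get("ssid", "")
    if ssid.lower() in GENERIC_SSIDS or MODEL_LIKE_SSID.match(ssid):
        findings.append("SSID reveals a default name or model number")

    if settings.get("wifi_encryption", "none").lower() == "none":
        findings.append("wireless network is open")
    elif settings.get("wifi_passphrase", "").lower() in WEAK_PASSWORDS:
        findings.append("wireless passphrase is weak")

    # A DNS server the owner never configured is the pharming symptom.
    allowed = {ipaddress.ip_address(a) for a in expected_dns}
    for raw in settings.get("dns_servers", []):
        try:
            if ipaddress.ip_address(raw.strip()) not in allowed:
                findings.append(f"unexpected DNS server {raw.strip()}")
        except ValueError:
            findings.append(f"unparseable DNS server entry {raw!r}")
    return findings


# Constructed sample: factory state plus a DNS entry the owner never set.
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE = {
    "admin_user": "admin", "admin_password": "admin",
    "ssid": "rta1025w", "wifi_encryption": "none",
    "dns_servers": ["192.0.2.53", "203.0.113.66"],
}

if __name__ == "__main__":
    for finding in audit_router(SAMPLE, expected_dns=["192.0.2.53"]):
        print("-", finding)
```

Run it against the values shown on your own router's configuration page, passing the DNS servers your ISP actually assigned as `expected_dns`.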
Note: The techniques I will be describing are meant to be taken as a guide - not for hackers, but for people who need protection from them, because they work, with a minimum of effort. Don't try this at home, Purim time or any time.
As competition between manufacturers of wireless routers grows, along with the market for these routers, manufacturers use various methods to tout their products - and ease of use is always a major customer consideration. Router makers believe that customers want an "out of the box" solution, with as little configuration of the device required as possible.
If your neighbor, like mine, hasn't bothered to password protect his wireless network at all, you can easily join that network and use it for surfing the Internet. This you already know. But chances are that the network's name is going to be a standard one - the name of the router itself, such as "default" (Netgear). Often the network name is the router's name and model number, so you can easily check out all the details by Googling the info. In my neighbor's case, the rta1025w network indicated a Dynalink router, and a further search yielded its default name/password and IP address.
Armed with this information, logging onto the router - and the network - was easy. Since the router is configured via a Web page which you log onto while connected to the router, you can easily load the configurations for your victim's router in your own browser. From there it's just another easy step to the user's computer, which is likely set without a password either; the router will list the IP addresses it's distributed via DHCP, so all you have to do is set up a network drive on your computer with the remote address (something like \\192.168.1.2\C$ should do nicely). The user name in the case of Windows is almost always Administrator, and if you're asked for a password, try the same word, or something like 1234 or ABCD.
For a real challenge, try breaking into an ostensibly password protected network with a standard name or router name. It stands to reason that someone with a network named "default" will not really have understood the concept of secure passwords, and may have used the "Admin/Admin" combination as their network password, having seen it in their manual. But why bother? There are probably dozens of open networks all around you that you can have your way with.