The security company said it was the first time he had seen an attack “in nature,” although the concept was discussed last year by researchers at Symantec, according to a blog post at Symantec.
In the attack, which targeted users of an undisclosed Mexican bank, the intended victims received a spam email claiming that he had received an e-card, directing them to gusanto.com, a Spanish-language e-card site. However, email has also incorporated the HTML tags of images, containing an HTTP request to get the router to change your DNS settings, according to the manager of Symantec in the UK quality assurance, Thomas Parsons.
Get-HTTP request redirects traffic flowing over the router to an IP address when the user attempts to access six domain names that are related to banking. Symantec calls ZDNet Asia sister site ZDNet UK did not publish the IP address.
The attack is possible due to an exploit cross-site scripting in 2Wire routers that was reported in August last year, according to Symantec. Parsons said it was “just a gimmick,” advising small and medium sized companies to change the default security settings on routers, and educate users about clicking on suspicious links.