摘要 |
<p>HTTP requests initiated from a web browser of a client computer system are proxied prior to release to a router (204), such as a home router. HTTP requests identifying a referrer URL (208) corresponding to routable, public IP address and a target URL (206) corresponding to a non-routable, private IP address are determined to be indicative of a drive-by pharming attack (210), and are blocked from sending to the router (240). HTTP requests not identifying a referrer URL corresponding to a routable, public IP address and a target URL corresponding to a non-routable, private IP address, the HTTP request are not determined to be indicative of a drive-by pharming attack, and are released for sending to the router (218). In some embodiments, an HTTP response received in response to a released HTTP request is proxied prior to release to the web browser. An HTTP response having content of type text/html or script (410) is modified as indicated to prevent malicious activity and released to the web browser.</p> |