Got this from AVG:

A potential threat for broadband routers has been announced. The exploit is popularly called "Drive-by Pharming". This new threat has the potential to allow an attacker to gain control over a user's broadband router and home network, thus allowing the attacker to steal private information, install malware, or use the home network to distribute spam. The attacker would do this by creating a web site that pretended to be a legitimate web site such as a bank or online shopping site. When a user visited the site, malicious JavaScript embedded in the site would then launch and reconfigure the router to use the attacker's DNS servers instead of those prescribed by the user's ISP. DNS servers are similar to directories that cross reference information, similar to phone books. All computers on the internet have a numerical reference called an IP address. DNS servers cross reference web site names ( to the numerical address. Therefore, once the router is reconfigured, the attacker can redirect any name entered to a malicious site of his choice.

While there are no known cases of this particular exploit actually in use, proof of concept code has shown it to be possible and effective. Fortunately, simply changing the default administrative password of the router easily mitigates the risk! All broadband routers are shipped with an administrative account and a default password, usually something like "password" or "admin", and most users never change these to a stronger password. This is a relatively easy task; the user would just need to log into the router's IP address (usually something like or and log in with the default password - see the documentation or go to one of the online databases such as to determine the password. Then set a new password and you have mitigated the risk!

Tim Lytle [04/16/07 19:57:56]
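A defender-side check for the DNS change the advisory describes, added here as an example; it is not part of the AVG text or of the original post. It classifies the resolvers a machine has been handed against a list recorded while the router was known-good; `EXPECTED_RESOLVERS`, the sample file and all addresses in it are constructed assumptions.

```python
import ipaddress
import os

# Assumption: resolvers your ISP assigned, written down while the router was
# known-good. These are documentation-range addresses, constructed for the example.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Ranges that mean "a box on my own LAN (usually the router) answers DNS".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def parse_nameservers(resolv_conf_text):
    """Return the nameserver entries from resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server, expected=EXPECTED_RESOLVERS):
    """Return 'expected', 'local-forwarder', 'unexpected' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if str(addr) in expected:
        return "expected"
    if any(addr in net for net in LOCAL_NETS):
        # The router forwards queries itself, so a changed upstream is invisible
        # from here: compare the DNS fields on the router's admin page instead.
        return "local-forwarder"
    return "unexpected"

def audit(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Pair every configured resolver with its verdict."""
    return [(s, classify(s, expected)) for s in parse_nameservers(resolv_conf_text)]

if __name__ == "__main__":
    path = "/etc/resolv.conf"
    if os.path.exists(path):
        with open(path) as fh:
            for server, verdict in audit(fh.read()):
                print(f"{server:40} {verdict}")
```

An `unexpected` verdict is a prompt to look at the router's DNS settings, not proof of tampering; a `local-forwarder` verdict means this check cannot see the upstream resolver at all.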