I’ve talked many times about the sorry state of security on home networking equipment. For instance, if you leave most wireless networks in their factory configuration, anyone can connect without a password, which is the equivalent of leaving your front door open. The username to administer the system will also probably be admin, and the password for that will probably be blank – and that’s the scary part.

When you type the name of a website into your browser, your system looks up the unique numerical IP address for the site using one or more of the Internet’s Domain Name System servers, which are like massive electronic telephone books. Using a technique called pharming, it’s possible for a remote attacker to get into the unsecured network and make the firmware on the router update itself and use a fake DNS server. The fake server then points the browser to a fake website – so, when you type in “mybank.com”, you end up at a site which looks just like your bank site, but which is actually a phishing site. Type in your username and password, and you’ve just handed your identity over to the bad guys.

All of this is made possible by building a web page with malicious JavaScript code on it. A user with an unsecured network would merely have to view the page to fall victim to it; their router would be automatically reconfigured without their knowledge. And knowing that the majority of users leave their wireless networks in their unprotected factory configuration, it’s a sure bet that someone is building one of those malicious web pages right now.

Read more about drive-by pharming in the Symantec Enterprise Security Response Blog.
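One way to check for the redirected lookups described above, as an added example that is not part of the original post: compare the answers returned by the router-supplied resolver with answers from a resolver you chose independently. The hostnames, addresses and function names are constructed for illustration, and the two answer maps are assumed to have been collected separately.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hypothetical names, documentation-range addresses.
# REFERENCE = answers from an independently chosen resolver (assumption);
# ROUTER    = answers from the resolver the home router handed out.
REFERENCE = {
    "mybank.example": ["198.51.100.10", "198.51.100.11"],
    "mail.example": ["203.0.113.25"],
    "shop.example": ["192.0.2.80"],
}
ROUTER = {
    "mybank.example": ["203.0.113.66"],
    "mail.example": ["203.0.113.25"],
    "shop.example": ["203.0.113.66"],
}

def _net(addr):
    """Enclosing /24 (IPv4) or /48 (IPv6) network, to tolerate load balancing."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 48}", strict=False)

def audit(router_answers, reference_answers):
    """Return {hostname: [reasons]} for names whose router-side answers look redirected."""
    findings = defaultdict(list)
    names_by_ip = defaultdict(set)
    for name, ref in reference_answers.items():
        got = router_answers.get(name, [])
        if not got:
            findings[name].append("no answer from router-supplied resolver")
            continue
        if not ({_net(a) for a in got} & {_net(a) for a in ref}):
            findings[name].append("answers share no network with reference")
            for a in got:
                names_by_ip[ipaddress.ip_address(a)].add(name)
    # Several unrelated names sent to one host is typical of a fake DNS server.
    for ip, names in names_by_ip.items():
        if len(names) > 1:
            for name in sorted(names):
                findings[name].append(f"unrelated names all map to {ip}")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in audit(ROUTER, REFERENCE).items():
        print(host, "->", "; ".join(reasons))
```

A single mismatch can be a content delivery network returning a different address, so treat it as a prompt to inspect the router's DNS setting rather than as proof; several unrelated names mapping to one address is the stronger signal.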