Beware: Your WiFi router can be hijacked by "pharmers"
If you've got a WiFi router and haven't changed its password, you're in danger of being victimized by a drive-by "pharming" attack: you type in a normal URL, and you're sent to a phony Web site masquerading as the real thing. Your private information could then be stolen.
This is not a theoretical danger. Symantec security expert and blogger Zulfikar Ramzan reports that such drive-by pharming attacks have already been launched.
Here's how it works. Malicious code is planted on your PC, via email or by visiting an infected Web page. The malicious code changes the DNS settings in your home router, so that when you type in certain URLs, such as your bank's, you're rerouted to a phony Web page. It looks like the real page, and you've typed in the URL yourself, so you figure it's safe. But it's not; type in your login information, and it's stolen.
Ramzan reported on the theoretical danger a year ago. But now, he says in his most recent blog, "We recently saw instances of actual attackers attempting a basic version of drive-by pharming." He notes that in one attack, hackers embedded malicious code in an email that said it had an e-card waiting for the recipient at gusanito.com. But the email, he says, "also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site."
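A defensive check for the technique described above, as an added example that is not from Ramzan's post or from Symantec: it scans an email's HTML for tags that fetch automatically from an address on the reader's own network, which a legitimate external email has no reason to do. The tag list, the sample email and its placeholder path are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a mail client or browser fetch a URL without a click.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("script", "src"),
              ("link", "href"), ("body", "background")}


def is_local_target(url):
    """True if the URL's host is on the reader's own network, not the Internet."""
    host = urlsplit(url).hostname
    if not host:
        return False  # relative URL or no host part
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: single-label names ("router") resolve locally.
        return "." not in host
    return ip.is_private or ip.is_loopback or ip.is_link_local


class LocalFetchFinder(HTMLParser):
    """Collects (tag, url) pairs that would auto-request a local address."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_FETCH and value and is_local_target(value):
                self.findings.append((tag, value))


def find_local_fetches(html):
    finder = LocalFetchFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample: the path and parameter are placeholders, not a real router endpoint.
SAMPLE_EMAIL = """
<p>You have an e-card waiting!</p>
<img src="https://cards.example.com/banner.png">
<img src="http://192.168.1.1/placeholder-path?placeholder=1" width="1" height="1">
"""

if __name__ == "__main__":
    for tag, url in find_local_fetches(SAMPLE_EMAIL):
        print(f"suspicious <{tag}> auto-fetch to local address: {url}")
```

Ordinary links (`<a href>`) are deliberately ignored, since they need a click; the check targets only requests that fire when the message is rendered.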
For now, the attack is confined to Mexico. But there's no reason it can't be used elsewhere as well. To make sure you're not a victim, all you need to do is change your router's login information from the default. Don't worry about forgetting the login information. If you forget it, you can just do a hard reset on your router, and the password will be reset to the default. Log in, and then change it.
If you're looking for more advice on protecting your home router, by the way, check out my article, How to protect your wireless network.
