Drive-by pharming - Owns "Your" Routers
Hermescomputers
January 24th, 2008, 09:36 AM
Drive-by pharming: This attack is an exploit that targets your router if you leave it configured with the default password. All you need to be infected is to visit a web page with the exploit and just like that they "own" your router!
Here's an article about it:
Drive-by pharming: this nasty attack technique looks significant
http://www.infoweek.ca/index.php?page=shop.product_details&category_id=114&flypage=shop.flypage&product_id=1518&option=com_virtuemart
Bottom Line: Change the default router password on your device today!
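The attack described in this post, modelled in Python as an added example (it is not code from the original thread or from any real router firmware). The `Router` class, the `/apply.cgi` path, the `dns1` parameter, the TEST-NET-3 resolver address and the list of factory logins are all constructed for illustration; the model assumes a router that authenticates its admin pages with HTTP Basic auth only and a browser that turns credentials embedded in a URL into an Authorization header, which is a simplification of how 2007-era browsers and devices behaved. The point it shows is the one in the "bottom line": with the factory password in place the request that a malicious page provokes is indistinguishable from the owner's own, and changing the password is what makes the same request fail.

```python
"""Added example: a model of the drive-by pharming request and of the one
countermeasure the thread recommends.  Everything here is constructed for
illustration; it is not code from the original post or from a real router."""
import base64
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass
class Router:
    """Toy admin interface of a home gateway (constructed, not a real vendor's).

    It authenticates every request with HTTP Basic auth only, so a request that
    carries valid credentials is accepted no matter which web page caused the
    victim's browser to send it.
    """
    admin_user: str = "admin"
    admin_password: str = "admin"          # factory default, never changed
    dns_server: str = "192.168.1.1"        # LAN clients resolve through the router

    def handle(self, method, path, headers, body=""):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Basic "):
            return 401, "authentication required"
        try:
            user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
        except ValueError:                 # binascii.Error / UnicodeDecodeError
            return 400, "malformed credentials"
        if (user, password) != (self.admin_user, self.admin_password):
            return 401, "bad credentials"
        if method == "GET" and path == "/":
            return 200, "status page"
        if method == "POST" and path == "/apply.cgi":
            params = parse_qs(body)
            if "dns1" in params:
                self.dns_server = params["dns1"][0]   # the pharming payload
            return 200, "settings applied"
        return 404, "no such page"


def browser_request(url, body=""):
    """Model of what the victim's browser emits for a request the attacker's
    page triggers.  Assumption: credentials embedded in the URL
    (http://user:pw@host/...) become a Basic auth header."""
    u = urlsplit(url)
    headers = {"Host": u.hostname}
    if u.username is not None:
        token = base64.b64encode(f"{u.username}:{u.password or ''}".encode()).decode()
        headers["Authorization"] = "Basic " + token
    return ("POST" if body else "GET"), u.path, headers, body


# Constructed attack: the page guesses the gateway address and factory login and
# points the whole LAN's DNS at a resolver the attacker controls (TEST-NET-3 address).
ATTACK_URL = "http://admin:admin@192.168.1.1/apply.cgi"
ATTACK_BODY = "dns1=203.0.113.53"


def drive_by(router):
    """Replay the attack against a router; returns (HTTP status, resulting DNS server)."""
    status, _ = router.handle(*browser_request(ATTACK_URL, ATTACK_BODY))
    return status, router.dns_server


# Constructed list of common factory logins for the audit check below.
DEFAULT_LOGINS = [("admin", "admin"), ("admin", "password"), ("admin", ""), ("root", "root")]


def accepts_default_login(router, logins=DEFAULT_LOGINS):
    """The check a technician would run on a customer's gateway: does any factory
    login still open the admin interface?  Returns the first one that does, else None."""
    for user, pw in logins:
        status, _ = router.handle(*browser_request(f"http://{user}:{pw}@192.168.1.1/"))
        if status == 200:
            return (user, pw)
    return None


if __name__ == "__main__":
    victim = Router()                                   # factory settings
    print("factory password:", drive_by(victim))        # (200, '203.0.113.53')
    hardened = Router(admin_password="7x!Lq-correct-horse")
    print("changed password:", drive_by(hardened))      # (401, '192.168.1.1')
    print("factory login still accepted:", accepts_default_login(victim))  # ('admin', 'admin')
```

Run it as-is to see both outcomes side by side. Note that the model only covers the precondition the thread's bottom line addresses: a router that also checked where the request came from (a per-session token in its forms, or a check of the Referer/Origin header) would reject the replayed request even with the factory password, but that is a fix only the router vendor can ship, whereas the password is the one thing the owner controls today.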
tlu
January 24th, 2008, 01:27 PM
A little more detailed article here (http://www.heise-security.co.uk/news/102352).
Mrkvonic
January 24th, 2008, 02:32 PM
Hello,
Looks like it takes quite a bit to actually launch something like this:
- Get convinced to visit a site
- Get convinced to click somewhere
- Must have JavaScript enabled in the browser
- Must have UPnP enabled in the router
- Must have router password set to default
Looks like a lot ...
Mrk
Hermescomputers
January 24th, 2008, 02:47 PM
-{ Quote: "Hello,
Looks like it takes quite a bit to actually launch something like this:
- Get convinced to visit a site
- Get convinced to click somewhere
- Must have JavaScript enabled in the browser
- Must have UPnP enabled in the router
- Must have router password set to default
Looks like a lot ...
Mrk" }-
Actually, it's nothing really...
I would estimate that on most service visits we do for first-time customers, the routers are turned on with wireless enabled, but the default password is usually what is in the machine, and most have WEP disabled as they find it too difficult to configure... never mind WPA, or UPnP or anything else.
I have seen routers configured with a static DMZ to a PC without a firewall or antivirus so the idiot could access "his accounting software" from the office...
If you think it needs much to get anyone to visit a web site... Well, e-mail phishing and other miscellaneous types of social engineering efforts are much too easy to even begin to explain here...
The proof is in the numbers anyway... If it was so difficult it would be a rarity; unfortunately I get some type or another coming my way almost daily...
SystemJunkie
February 26th, 2008, 03:45 AM
-{ Quote: "The proof is in the numbers anyway... If it was so difficult it would be a rarity; unfortunately I get some type or another coming my way almost daily..." }-
It doesn't take much time for this to happen; probably most users who buy their first router are trapped by such a trick. And why do so many routers use Java/script as the language? Bad choice, imo.
Hermescomputers
February 26th, 2008, 08:26 AM
-{ Quote: "It doesn't take much time for this to happen; probably most users who buy their first router are trapped by such a trick. And why do so many routers use Java/script as the language? Bad choice, imo." }-
I think too many users are purchasing routers as an alternative to learning network and security concepts. They are really nice for us doing consulting as they greatly simplify setting up small LANs with Internet access, but I think they have a tendency to provide a false sense of safety and they tend to make us lazy...
david banner
February 26th, 2008, 02:47 PM
-{ Quote: "I think too many users are purchasing routers as an alternative to learning network and security concepts. They are really nice for us doing consulting as they greatly simplify setting up small LANs with Internet access, but I think they have a tendency to provide a false sense of safety and they tend to make us lazy..." }-
Can you recommend a book or site to learn network and security concepts? This UPnP is not the same as that mentioned by Steve Gibson at http://www.grc.com/UnPnP/UnPnP.htm, is it?
Is it OK to disable this in my router? I am on a home LAN behind a firewalled router and have Comodo Firewall on my PC. Going slightly off topic, I wondered if we are over-zealous with security. I turned off my PC firewall last week and forgot to turn it on, but still got a stealth reading from GRC ShieldsUP.
Hermescomputers
February 26th, 2008, 03:58 PM
-{ Quote: "Can you recommend a book or site to learn network and security concepts? This UPnP is not the same as that mentioned by Steve Gibson at http://www.grc.com/UnPnP/UnPnP.htm, is it?
Is it OK to disable this in my router? I am on a home LAN behind a firewalled router and have Comodo Firewall on my PC. Going slightly off topic, I wondered if we are over-zealous with security. I turned off my PC firewall last week and forgot to turn it on, but still got a stealth reading from GRC ShieldsUP." }-
Well, the router (which is a bit of a wrong name for these devices, as they are gateways, not routers in the real sense) is not necessary at all in most environments I have seen them used in. For example, the firewall built into most routers is inferior to, say, the Comodo firewall, as that firewall is far more feature-rich and is probably better all around. Basically you do not need two firewalls protecting your PC where they both would do the same. This is why you can turn off the firewall on your PC and still pass the tests at GRC, for example, as the router firewall is still working, protecting your computer...
As for UPnP, it is similar to the one built into Windows in that it allows devices to self-detect and configure each other without user intervention. The one in your router is designed to interface with other network devices and do a similar task, but network-centric instead of device configuration... Disabling UPnP in your "home" router will have no impact and is OK. This feature is mostly used on corporate LANs where multiple devices need to talk to each other to automate device/network synchronization.
And to answer your question more fully:
http://www.sans.org/resources/malwarefaq/win_upnp.php
As for books on security, you can check out http://www.sans.org/ (a better resource than most books).
david banner
February 26th, 2008, 04:07 PM
-{ Quote: "Well, the router (which is a bit of a wrong name for these devices, as they are gateways, not routers in the real sense)" }-
Mine is a modem/router and is also my gateway, I think.
-{ Quote: "Disabling UPnP in your "home" router will have no impact and is OK.
As for books on security, you can check out http://www.sans.org/ (a better resource than most books)." }-
OK, thanks ;)
Copyright ©2002 - 2012, Wilders Security Forums