CNET
reports that attackers could change the configuration of home routers using
JavaScript code. So, if you haven't changed the default password, you'd better
do it. The researchers found that it is
possible to change the DNS, or Domain
Name System, settings of a router if the owner uses a connected PC to view a Web
page with the JavaScript code.
This DNS change lets the attacker divert
all the Net traffic going through the router. For example, if the victim
types in "www.mybank.com," the request could be sent to a similar-looking fake
page created to steal sensitive data. "I have been able to get this to
work on Linksys, D-Link and Netgear routers," Symantec researcher Zulfikar
Ramzan said. "You can create one Web site that is able to attack all routers. My
feeling is that it is just a matter of time before phishers start using this."
After a router's DNS setting is changed, all computers connected to the device
will use the DNS server set up by the attacker to find their way on the
Internet. DNS functions like the phonebook of the Internet, mapping text-based
addresses such as www.news.com to actual numeric Internet Protocol addresses of
a Web site.
The attack works on any type of home router, but only if
the default router password hasn't been changed, Ramzan said. The malicious
JavaScript code embedded on the attacker's Web page logs into the router using
the default credentials--often as simple as "admin" and "password"--and changes
the settings.
