A security researcher with Symantec says he has seen a new form of attack on the loose on the Web. It involves malicious code embedded in a web site or email. The code can change the settings on a high-speed home router that control the Domain Name System (DNS). The technique is called a cross-site request forgery.

Here is a brief explanation of how DNS works (for more information, see my book): every web site is identified by a number, called an IP (Internet Protocol) number. This number is the real address of the site. But numbers are hard for us humans to remember, so web sites use a name instead, such as pbs.org. When pbs.org is entered into your browser, it has to be converted to the number (or real address) before your computer can go find the site for you. The DNS, or Domain Name System, is a lookup that matches the name with the IP number.

So when you enter pbs.org into your browser, your computer first goes to the hosts file on your computer to try to find the IP number. That file is usually empty, or almost so. Your computer does not find the IP number there, so it goes to a series of computers on the Internet called Domain Name Servers, until it finds the number or until it becomes clear that the number just does not exist.

Once those settings are hijacked, an innocent attempt to visit your bank’s Web site could land you at a fake site that will relieve you of your username and password, and then your money. In one example, this happened to a Mexican bank and its customers.

Attempts to penetrate compromised routers have been called drive-by pharming attacks. To be successful, the attack should require the router’s password. But many people never change their default password, thus allowing the exploit. Certain brands of routers have been successfully attacked even without any password at all.

Take the time now to change your router’s password and settings. Do not just use the defaults, especially if you have a wireless router. In this case, the default factory settings usually provide little or no security.
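The lookup order described above (hosts file first, then the configured DNS servers) gives two places to check on your own computer. The following is an added example, not part of the original article: it parses hosts-file and resolv.conf style text and reports name overrides and DNS servers you did not expect. The sample file contents, the bank.example name and the trusted-server list are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not taken from a real machine).
SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1   localhost
::1         localhost
203.0.113.7 bank.example www.bank.example   # unexpected override
"""
SAMPLE_RESOLV = """\
# constructed resolv.conf
nameserver 192.168.1.1
nameserver 198.51.100.53
"""
# Assumption: the DNS servers you expect to see (your router and/or ISP).
TRUSTED_RESOLVERS = {"192.168.1.1"}


def hosts_overrides(text):
    """Return {name: ip} for hosts-file entries that bypass DNS for a name."""
    found = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, skip it
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 blocking entries are not redirects
        for name in fields[1:]:
            found[name.lower()] = str(ip)
    return found


def unexpected_resolvers(text, trusted):
    """Return nameserver addresses in the text that are not in the trusted set."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return [s for s in servers if s not in trusted]


if __name__ == "__main__":
    print("hosts overrides:", hosts_overrides(SAMPLE_HOSTS))
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_RESOLV, TRUSTED_RESOLVERS))
```

If your router answers DNS queries itself, your computer will only ever list the router's address, so a changed DNS server shows up only on the router's own settings page and has to be checked there.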

Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here: http://MyPCSecuritySite.com

You may include these Tips in your web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and web site.
