Security experts call it drive-by pharming. You unknowingly visit malicious web page that hosts an exploit - harmful JavaScript code. If JavaScript support is enabled in your browser (in most browsers it is on), code is executed automatically. You won’t notice anything at all. This malicious code uses a technique known as “Cross Site Request Forgery”, which can be used to access your router’s login page. The latter is protected with password, but an exploit has a list of default passwords, which it uses to login. If your router was never reconfigured, it will be hijacked.
Drive-by pharming is an emerging threat that might be used by phishers and malware makers in the near feature.
Interested? The story continues here.
