The attack can be launched through malicious code on websites that can reach into your router and modify its settings, exposing you to phishing attempts to get your banking username and password, other login information or other data on your computer – but only if the default username and password haven’t been changed.

Once the username and password have been changed, the drive-by pharming attack won’t work – unless hackers try to use some form of brute force attack to guess your username and password. But for now, that’s more difficult to do or hide.

All-in-all, Symantec’s report has done us all a favor. It has once again brought the crucial importance of security front-and-center into our minds, and will hopefully cause as many people as possible to ensure that no default usernames or passwords are used, anti-phishing technology like Trustdefender www.trustdefender.com is deployed, the latest 2007 Internet Security software is installed and passwords are changed on a regular basis.

And while we only know that Netgear, D-Link, Linksys and now Cisco are affected, chances are that all routers still with default usernames and passwords are at risk.

So... security by obscurity or an attitude of ‘it’ll never happen to me’ is never a good defense. If you’re unsure about your own PC and Internet security status – doing something about it now, before it's too late, and you have to spend good money and time getting back to secure status.
{moscomment}

---

Get stories like this delivered daily - FREE - subscribe now
When you subscribe get a 12 months license for LiveProject
Valued at $99 USD


Download the FREE iTWire desktop alert widget