The solution: make your router's admin password hard to guess.
I recently developed this with Zulfikar Ramzan from Symantec, who forwarded to my advisor (Markus) an interesting Black Hat talk by Jeremiah Grossman. Markus in turn forwarded to me and that's when it struck me that we could similarly mount a pharming attack without playing man-in-the-middle - all it takes is a tweak of the router's DNS server setting, and a whole home network is pharmed. Coupled with the idea that roughly 50% of broadband routers still use the default password, this attack affects a whole lot of people.
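To make the mechanism concrete, here is an added example (written for this page, not code from the original post, the paper, or Symantec): a small Python model of a router's "set DNS server" admin endpoint, first in the shape that makes drive-by pharming work, then with the checks that stop it. The router address, the factory-default credentials, the header and form field names, and the resolver addresses are all assumptions for illustration; no real firmware is modeled.

```python
"""Added example: a modeled router DNS-setting endpoint, vulnerable and hardened.
All names, addresses and the factory-default password are assumptions for
illustration only; they do not describe any particular product."""
import base64
import hmac
import secrets
from dataclasses import dataclass, field

FACTORY_DEFAULT = ("admin", "admin")          # assumed factory default
ROUTER_ORIGIN = "http://192.168.1.1"          # assumed router admin origin
ISP_DNS = ("192.0.2.1", "192.0.2.2")          # constructed, documentation range
ATTACKER_DNS = ("203.0.113.53", "203.0.113.54")  # constructed, documentation range


@dataclass
class Router:
    username: str = "admin"
    password: str = "admin"
    dns_servers: tuple = ISP_DNS
    sessions: dict = field(default_factory=dict)  # session id -> CSRF token


def _basic_auth_ok(router, headers):
    """Check an HTTP Basic Authorization header against the admin account."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return False
    try:
        user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    return (hmac.compare_digest(user, router.username)
            and hmac.compare_digest(pw, router.password))


def set_dns_vulnerable(router, headers, form):
    """Endpoint in the shape that makes drive-by pharming work: any request
    carrying valid Basic credentials is honoured, whatever page caused it.
    A malicious page can make the visitor's browser send this request with
    the factory-default credentials, re-pointing the whole home network."""
    if not _basic_auth_ok(router, headers):
        return 401
    router.dns_servers = (form["dns1"], form["dns2"])
    return 200


def login(router, username, password):
    """Session login for the hardened endpoint: (session_id, csrf_token) or None."""
    if not (hmac.compare_digest(username, router.username)
            and hmac.compare_digest(password, router.password)):
        return None
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    router.sessions[sid] = token
    return sid, token


def set_dns_hardened(router, headers, form):
    """Same endpoint with the checks that defeat a cross-site request."""
    # Refuse to reconfigure at all while the admin password is the factory default.
    if (router.username, router.password) == FACTORY_DEFAULT:
        return 403
    # Session cookie instead of ambient Basic auth; the session must exist.
    token = router.sessions.get(headers.get("Cookie-Session", ""))
    if token is None:
        return 401
    # The request must originate from a page served by the router itself.
    if headers.get("Origin") != ROUTER_ORIGIN:
        return 403
    # And carry the per-session CSRF token, which a cross-site page cannot read.
    if not hmac.compare_digest(form.get("csrf", ""), token):
        return 403
    router.dns_servers = (form["dns1"], form["dns2"])
    return 200


def drive_by_attempt(router, endpoint, session_cookie=None):
    """Simulate what a malicious page can make a visitor's browser send: a
    cross-site POST with the factory-default credentials, whatever session
    cookie the browser already holds, and no CSRF token."""
    creds = base64.b64encode(":".join(FACTORY_DEFAULT).encode()).decode()
    headers = {"Authorization": "Basic " + creds, "Origin": "http://evil.example"}
    if session_cookie is not None:
        headers["Cookie-Session"] = session_cookie
    form = {"dns1": ATTACKER_DNS[0], "dns2": ATTACKER_DNS[1]}
    return endpoint(router, headers, form)


if __name__ == "__main__":
    r = Router()
    print("vulnerable:", drive_by_attempt(r, set_dns_vulnerable), r.dns_servers)
    r = Router()
    print("hardened, default password:", drive_by_attempt(r, set_dns_hardened), r.dns_servers)
```

The point of the two endpoints side by side: changing the password alone defeats the attack as the post describes it, because the attacker's page has to guess the credentials. Against a router that still uses cached credentials or a live admin session, the origin and CSRF-token checks are what stop the visitor's own browser from doing the attacker's work.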
Symantec PR picked up on what we did, and issued a press release today:
(Symantec Press Release)
(Zully's Blog Post)
Select Media Coverage:
(Info World -- IDG article)
(BroadbandReports.com -- amusing comments thread)
(Washington Post Blog)
Update (16-Feb-07 9:30am ET): The story got picked up by Forbes and the Washington Post, and the Google News index on "Drive-by Pharming" is roughly fifty-something.
My Favorite Headlines:
Researchers highlight a router route to pharming
New Drive-By Attack Taking Over Home Routers
Broadband routers welcome drive-by hackers
Change Your Router Password NOW!
Update (16-Feb-07 10:30am ET): Slashdot picked it up.