Most home users with a broadband connection have a router that sits between the cable or DSL modem and their computer(s). If that is you, read this carefully.
On second thought (thanks Leo) everyone should read this posting because the simple question of whether there is a router in your home/office sitting between you and the Internet is not the trivial question it used to be. Way back, broadband modems (cable and DSL) were separate pieces of hardware from routers. No more. So even if there is a single box between your computer(s) and the outside world, it may very well be both the modem and the router.
Just by looking at a web page, you can lose your life savings.
Let me explain. A malicious computer program can live inside a web page and run automatically when the page is viewed. This new type of malicious software will modify configuration settings in your router such that when you type in the name of your bank to go to its website, you will instead end up at the website of a bad guy imitating your bank. You enter the userid/password for your bank and the next day there is no money in your accounts.
Nothing is more dangerous than this on the Internet.
Every router has a website built into it that is used for configuring the dozens of options. To make configuration changes you log into this website with a userid/password (the router also has a default IP address that can be used to access its internal website). For the malicious program to make changes to your router, it needs to know the userid/password. This is only possible if the default password was not changed when the router was installed. That is, if a good computer nerd installed the router, you are safe. If your router is still using the default password, change it now!
How can the malicious program know the default userid/password for your router? How can it even know which router you have? It doesn't need to know your exact router model. There are only a handful of companies making the most popular routers. The default userids and passwords used by these companies are well known. All the program has to do is try them all. It's not a long list.
If you don't know the userid/password to log into your router, I can't stress how important it is to find out. In addition, you also need to know the internal IP address of the router so that you can access it with a web browser.
Let me re-state the problem to hopefully scare you into action. If you enter "www.citibank.com" into your web browser (or use a Favorite/Bookmark), then everyone knows you will go to Citibank's website. But if you are the victim of this attack, this will not be true. You may end up at a website that looks exactly like Citibank's but is designed for the sole purpose of stealing your userid/password. Even worse, you may end up at the real bank website, but the bad guys could have set themselves up in between you and your bank. Thus, they see everything you enter and all seems perfectly normal because you are, in fact, actually dealing with your bank's website. Just not directly.
Not to pick on Citibank, they are just used as an example.
Computers on the Internet have a unique number assigned to them. They talk to each other using these numbers (us nerds call them IP addresses). Words and letters and names such as google.com or michaelhorowitz.com exist solely for the convenience of human beings. There is a huge system on the Internet called DNS that translates domain names into their corresponding numbers. Every time you ask for a website by name, your computer first contacts a DNS server machine to translate the name to the unique number. This happens so fast that you don't notice it.
The way this attack works is by changing the DNS server computers you use for translating names to numbers. Thus if www.citibank.com should translate to 126.96.36.199, the DNS computers of the bad guys would instead translate it to 188.8.131.52 (the numbers are just for illustration) which just so happens to be their identity theft website. Think of it as having a total stranger translating spoken languages. You can never be sure if the translation is accurate or not.
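Here is an added example, not part of the original posting, that shows the name-to-number translation in the actual DNS wire format (RFC 1035) and why the answer is only as trustworthy as the server you asked. It builds the query your computer sends for a name, parses the answer a server returns, and flags when two servers disagree. The hostname www.example.com, the transaction ID, and the addresses 192.0.2.10 and 198.51.100.7 are constructed for the example (they come from the documentation ranges and are not real websites), and build_response stands in for the two DNS servers so that the whole thing runs offline.

```python
import socket
import struct


def encode_name(name):
    """Encode a dotted hostname as DNS labels: 3www7example3com0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234):
    """Build the standard recursive A (address) query a computer sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN


def read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer back into the message
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_response(data):
    """Return [(name, ip, ttl), ...] for the A records in the answer section."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qdcount):  # skip the echoed question
        _, offset = read_name(data, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = read_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, socket.inet_ntoa(rdata), ttl))
    return answers


def build_response(query, ip, ttl=300):
    """Constructed stand-in for a DNS server: answer `query` with `ip`.
    An honest server and a bad guy's server differ only in which ip they put here."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # response, RD+RA
    question = query[12:]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer  # \xc0\x0c points at the name in the question


def answers_disagree(response_a, response_b):
    """True when two servers hand back different addresses for the same name."""
    ips_a = {ip for _, ip, _ in parse_response(response_a)}
    ips_b = {ip for _, ip, _ in parse_response(response_b)}
    return ips_a != ips_b


if __name__ == "__main__":
    query = build_query("www.example.com")
    honest = build_response(query, "192.0.2.10")      # constructed: the real site
    hijacked = build_response(query, "198.51.100.7")  # constructed: the imposter
    print(parse_response(honest), parse_response(hijacked))
    print("servers disagree:", answers_disagree(honest, hijacked))
```

Nothing in the reply tells your computer whether the address is the real one; it simply trusts whichever server the router pointed it at. Comparing the answer from the server you were handed against the answer from a server you chose yourself is the only check that catches the substitution.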
Adding to the danger of this attack is that it's undetectable. That is, anti-virus and anti-spyware software will not protect you. No files are put on your computer. In fact, no changes are made to your computer at all! Still worse, reviewing the settings in your router to see whether anything has been changed takes a computer nerd. It's too techie for normal people. As I said, this is as dangerous as dangerous gets.
Technically, this type of attack is known as pharming. Phishing refers to tricking a human being to go to the wrong website. Pharming involves tricking your computer to go to the wrong website.
The following is a bit techie.
You can, and should, also protect your router by changing its IP address. This doesn't offer perfect protection, but does make it harder for the malicious software to find your router.
Another way to protect yourself is modifying the TCP/IP settings on your computer so that you don't get DNS services from your router. Let me explain:
Typically when your computer needs to translate a domain name to a number (IP address) it asks the router to do this and the router, in turn, talks to a dedicated DNS computer run by your ISP. A large organization may run its own DNS computers. The whole point here is that the bad guys can modify the router to talk to their DNS server.
Every ISP runs at least two dedicated DNS computers and they will be glad to provide their IP addresses (it's probably listed on the website of your ISP; this isn't a secret). My point here is to configure TCP/IP on your computer to talk directly to the DNS server of your ISP and avoid having the router acting as a middleman. Thus, even if the router is talking to a bad/compromised DNS server computer, you are not asking the router to do the DNS name-to-number translation.
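As an added illustration, not from the original posting, here is a small script that does the audit the last few paragraphs describe: it reads the list of DNS servers your computer is using (from the output of `ipconfig /all` on Windows, or from /etc/resolv.conf on Unix-like systems) and reports whether each one is your router, one of your ISP's published resolvers, another machine on your LAN, or an unknown public address that deserves a look. The router address 192.168.1.1, the ISP resolvers 198.51.100.53 and 198.51.100.54, and both configuration snippets are constructed sample values; substitute your own.

```python
import ipaddress
import re

# Constructed sample of the relevant lines from `ipconfig /all` on Windows.
SAMPLE_IPCONFIG = """\
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample /etc/resolv.conf from a Unix-like machine.
SAMPLE_RESOLV_CONF = """\
# generated by the DHCP client
nameserver 192.168.1.1
nameserver 198.51.100.53
"""

# Constructed: your router's LAN address and the resolvers your ISP publishes.
ROUTER_IP = "192.168.1.1"
ISP_RESOLVERS = {"198.51.100.53", "198.51.100.54"}

# RFC 1918 private ranges: anything here is on your own network, not the Internet.
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

_ADDR_ONLY = re.compile(r"^\s+([0-9A-Fa-f.:]+)\s*$")


def dns_servers_from_ipconfig(text):
    """Pull the DNS server addresses out of `ipconfig /all` output.
    The first server sits on the 'DNS Servers' line; any further servers
    follow on indented continuation lines that contain only an address."""
    servers, capturing = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            servers.append(line.split(":", 1)[1].strip())
            capturing = True
            continue
        match = _ADDR_ONLY.match(line) if capturing else None
        if match:
            servers.append(match.group(1))
        else:
            capturing = False
    return servers


def dns_servers_from_resolv_conf(text):
    """Pull nameserver entries out of resolv.conf, ignoring comments and options."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify(servers, isp_resolvers=ISP_RESOLVERS, router_ip=ROUTER_IP):
    """Label each DNS server the computer relies on:
    'router'         the computer asks the router, which forwards to whatever
                     its (possibly tampered) settings say
    'isp'            one of the ISP's published resolvers, asked directly
    'other-lan'      some other private address (a company DNS box, say)
    'unknown-public' a public address that is not on the ISP's list"""
    verdicts = []
    for server in servers:
        addr = ipaddress.ip_address(server)
        if server == router_ip:
            verdicts.append((server, "router"))
        elif server in isp_resolvers:
            verdicts.append((server, "isp"))
        elif any(addr in net for net in LAN_RANGES):
            verdicts.append((server, "other-lan"))
        else:
            verdicts.append((server, "unknown-public"))
    return verdicts


def needs_attention(verdicts):
    """Servers that either go through the router or point somewhere unexplained."""
    return [s for s, label in verdicts if label in ("router", "unknown-public")]


if __name__ == "__main__":
    for source, servers in (("ipconfig", dns_servers_from_ipconfig(SAMPLE_IPCONFIG)),
                            ("resolv.conf", dns_servers_from_resolv_conf(SAMPLE_RESOLV_CONF))):
        verdicts = classify(servers)
        print(source, verdicts, "look at:", needs_attention(verdicts))
```

A "router" verdict means your computer still hands its DNS lookups to the router, which is exactly the middleman the posting suggests removing; an "unknown-public" verdict means the address is not one your ISP published, so compare it against the ISP's list before trusting it. Once you have changed the TCP/IP settings to the ISP's resolvers, rerunning the script should show only "isp" entries.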