A new computer hacking attack called Pharming

Do you have a router in your home network? Many people do because they’ve either bought one at the store or, when they’ve gotten DSL installed, the installing company gave or sold them one. If you do, you should read the following.

I’m going to cut to the bottom line here for those who just want the beef without all the trimmings. If you have a router in your system and you haven’t changed its default from-the-factory password and you pass secret data over the Internet (things like bank account passwords), then you are taking a big risk!

Here’s why: If you visit a website on which someone has installed malicious JavaScript code, this code will execute invisibly on your system – you won’t see a thing. You merely have to visit the web site – nothing else – no opening of files, no clicking of links or anything else – you just look at it and then leave. If you visit such a web site, you’ll never even know that this JavaScript code executed. And, if you visit such a site and your router’s password is still the factory default, you could be toast.

The JavaScript that invisibly executes will reach through your local network into your router (it gets into the router because it knows the password) and reprogram it so that it uses a different DNS server than the one you should be using. This kind of an attack is called Pharming.

Well, so what does that mean to you in plain English? DNS servers on the Internet are responsible for translating web site names like www.citibank.com into IP addresses like 123.456.789.123. These IP addresses are how each computer on the Internet is uniquely identified and differentiated from all of the rest. When you type in ‘www.citibank.com’, your system asks a trusted DNS server out on the Internet to translate it into an IP address and then once it has that address, it begins to chat with that computer. Getting the right number back from a trusted DNS server is critically important because it is your guarantee that you are really talking to the computer you think you are.

What the hackers do is change the identity of the DNS server in your router so that the next time you need a web site name translated to an IP address, you unwittingly go to their DNS server rather than the trusted one you’ve been using. Most of the time, this bogus DNS server will give you back good, accurate data because it is biding its time. But when you type in a specific web site name like www.bankofamerica.com, it recognizes it, and the IP address it returns to you is not the one for Bank of America but rather one that takes you to their computer, which is all set up to pretend to be a Bank of America computer system. Their computer will look exactly like the real Bank of America system and you will type in the passwords that give you access to your accounts and BAM, they will have them. I think you can work out what might happen next.
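A defender's check for the tampering described above, as an added example that is not part of the original post: it lists the DNS servers a machine is actually using, flags any that are not on a trusted list, and compares the answers for a few sensitive names against a trusted reference. All addresses, host names and the resolv.conf text are constructed sample data, and it assumes a system whose resolv.conf lists the DNS servers handed out by the router.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real servers).
TRUSTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}  # assumed: what your ISP assigned
RESOLV_CONF = """\
# handed out by the router over DHCP (constructed)
nameserver 203.0.113.66
nameserver 192.0.2.54
"""
# Answers for a watch list of names: trusted reference vs. the resolver in use.
REFERENCE = {"bank.example": {"198.51.100.10"},
             "mail.example": {"198.51.100.20"},
             "news.example": {"198.51.100.30"}}
OBSERVED = {"bank.example": {"203.0.113.80"},   # only the targeted name differs
            "mail.example": {"198.51.100.20"},
            "news.example": {"198.51.100.30"}}


def parse_nameservers(text):
    """Return the valid nameserver IPs from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue  # skip malformed addresses
    return servers


def unexpected_resolvers(servers, trusted):
    """Resolvers in use that are not on the trusted list."""
    return [s for s in servers if s not in trusted]


def diverging_names(reference, observed):
    """Names whose observed answers share no address with the reference."""
    return sorted(name for name, good in reference.items()
                  if name in observed and not (observed[name] & good))


if __name__ == "__main__":
    in_use = parse_nameservers(RESOLV_CONF)
    print("unexpected resolvers:", unexpected_resolvers(in_use, TRUSTED_RESOLVERS))
    print("diverging names:", diverging_names(REFERENCE, OBSERVED))
```

A differing answer is a lead rather than proof, since large sites legitimately return different addresses to different resolvers; an unexpected resolver address is the stronger signal.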

This kind of an attack is called Pharming and it is fairly new.

So CHANGE THE DEFAULT PASSWORD ON YOUR ROUTER and save yourself some grief. If you do on-line banking and you don’t, sooner or later you are going to chance across one of these dangerous web sites and you’ll never even know it until your bank accounts are cleared out.

Here are links to two on-line articles on this subject: &

And, in case you are less than computer literate, here’s a link that takes you to an explanation of what a router is and what a DNS Server does

Oh, and one other important point. If you do change your router’s password, change it to something that isn’t easy to guess and that you’ll remember. You may need to get into your router for something else in the future and you’ll feel pretty silly if you are blocked by your own forgotten password. But, maybe safe and silly is better than not-silly and … broke 🙂.
