Symantec warns consumers of new broadband attack

Date: 16 February 2007
(ICT World)
Symantec has announced that Symantec Security Response, in conjunction with the Indiana University School of Informatics, has uncovered a significant security threat.

In this attack, dubbed Drive-by Pharming, consumers may fall victim to pharming by having their home broadband routers reconfigured by a malicious Web site. According to a separate informal study conducted by Indiana University, up to 50% of home broadband users are susceptible to this attack.
 
With traditional pharming, an attacker aims to redirect a user who is attempting to visit one Web site to another, bogus Web site. Pharming can be conducted either by changing the hosts file on a victim's computer or by manipulating the Domain Name System (DNS). Drive-by pharming is a new variant in which a user visits a malicious Web site and the attacker is then able to change the DNS settings on the user's broadband router or wireless access point.

DNS servers are the computers responsible for resolving Internet names into their real addresses, functioning as the 'signposts' of the Internet. For two computers to connect to each other on the Internet, they need to know each other's IP addresses. Drive-by pharming is made possible when a broadband router's administrative interface is not password-protected, or when an attacker is able to guess the password; for example, most routers ship with a well-known default password that the user never changes.
 
"This new research exposes a problem affecting millions of broadband users worldwide. Due to the ease by which drive-by pharming attacks can be launched, it is vital that consumers adequately protect their broadband routers and wireless access points today," says Premlan Padayachi, consumer country manager for Symantec Africa.

Professor Markus Jakobsson of the Indiana University School of Informatics emphasises that this attack shows how important the human factor is in security: "While drive-by pharming arises due to inadequate protective measures, there is also another human component: If an attacker can trick you into visiting his page, he can probe your machine. Deceit is not new to humankind, but it is fairly recently that security researchers started taking it seriously."
 
Drive-by pharming uses JavaScript, running in the victim's own browser, to change the settings of the user's home broadband router. Once the user visits the malicious page, its JavaScript makes the browser send requests to the router's administrative interface on the local network, supplying the default password where the router asks for one, and rewrites the router's DNS server settings. From this point on, every time the user browses to a Web site, DNS resolution is performed by a server the attacker controls.

DNS resolution is the process by which a computer determines the Internet address corresponding to a Web site's common name. Controlling it gives the attacker complete discretion over which Web sites the victim actually reaches. For example, the user may think they are visiting their online banking Web site, but, in reality, they have been redirected to the attacker's site.
 
These fraudulent sites are an almost exact replica of the actual site, so the user will likely not recognise the difference. Once the user is directed to the pharmer's 'bank' site and enters their user name and password, the attacker can steal this information. The attacker will then be able to access the victim's account on the 'real' bank site and transfer funds, create new accounts, and write cheques.
 
Symantec Security Response recommends that users employ a multi-layered protection strategy:
* Make sure their routers are uniquely password protected. Most routers come with a default administrator password which is easy for pharmers to guess.
* Use an Internet security solution that combines anti-virus, firewall, intrusion detection, and vulnerability
* Avoid clicking on links that seem suspicious; for example, those sent to you in an e-mail from someone you do not recognise.
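To make the mechanism described above concrete, and to show why the first recommendation (a unique router password) matters, here is an added example that is not part of the Symantec announcement or the Indiana University research. It models in Python the request a malicious page causes the victim's browser to send to the router's LAN-side admin interface, a router that accepts it because the factory password is still set, and the same router with the checks that stop it. The admin path `/dns.cgi`, the router address `192.168.1.1`, the credential list and the DNS addresses are assumptions chosen for illustration, not taken from any real product.

```python
"""Model of a drive-by pharming request against a home router's web admin
interface, beside the controls that stop it.  Added example for this article;
not Symantec's or Indiana University's code.  Endpoint, addresses and
credential list are assumptions for illustration."""

import base64
import secrets
from urllib.parse import urlsplit

ROUTER_ADDR = "192.168.1.1"  # assumed LAN-side admin address

# Assumed factory credentials of the kind shipped on consumer routers.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", "")}

# Constructed sample data: resolvers the ISP assigned, and the attacker's.
ISP_DNS = ("203.0.113.53", "203.0.113.54")
ATTACKER_DNS = ("198.51.100.1", "198.51.100.2")


class Router:
    """Minimal model of a broadband router's HTTP admin interface.

    hardened=False models the device the article describes: the factory
    password is still set and any authenticated request, whichever page made
    the browser send it, rewrites the configuration.
    """

    def __init__(self, password="admin", hardened=False):
        self.username = "admin"
        self.password = password
        self.hardened = hardened
        self.dns = ISP_DNS
        # Token embedded in the router's own settings page; a foreign page
        # cannot read it, so a cross-site request cannot present it.
        self.csrf_token = secrets.token_hex(16)

    def _authenticated(self, headers):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Basic "):
            return False
        try:
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            return False
        return (user, pw) == (self.username, self.password)

    def handle(self, method, path, headers, form):
        """Process one request; return (status, reason)."""
        if path != "/dns.cgi":
            return 404, "not found"
        if "dns1" not in form or "dns2" not in form:
            return 400, "missing dns servers"
        if not self._authenticated(headers):
            return 401, "auth required"
        if self.hardened:
            # Control 1: refuse to operate while the factory password is set.
            if (self.username, self.password) in DEFAULT_CREDENTIALS:
                return 403, "change the default password first"
            # Control 2: state changes need a POST carrying the page's token.
            if method != "POST" or form.get("token") != self.csrf_token:
                return 403, "cross-site request rejected"
            # Control 3: the browser-supplied Origin/Referer must be the router.
            origin = headers.get("Origin") or headers.get("Referer", "")
            if urlsplit(origin).netloc != ROUTER_ADDR:
                return 403, "foreign origin"
        self.dns = (form["dns1"], form["dns2"])
        return 200, "ok"


def drive_by_request(username, password, dns_pair, origin="http://evil.example"):
    """The request a malicious page's script makes the victim's browser send:
    a GET to the LAN address with a guessed password as Basic auth.  The
    Origin header is what the browser attaches, not something the page picks."""
    creds = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}", "Origin": origin, "Host": ROUTER_ADDR}
    return "GET", "/dns.cgi", headers, {"dns1": dns_pair[0], "dns2": dns_pair[1]}


def legitimate_request(router, dns_pair):
    """What the router's own settings page submits after the user logs in."""
    creds = base64.b64encode(f"{router.username}:{router.password}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}", "Origin": f"http://{ROUTER_ADDR}"}
    form = {"dns1": dns_pair[0], "dns2": dns_pair[1], "token": router.csrf_token}
    return "POST", "/dns.cgi", headers, form


def attack(router):
    """Try each factory credential as the attacker's page would; True if DNS changed."""
    for user, pw in sorted(DEFAULT_CREDENTIALS):
        status, _ = router.handle(*drive_by_request(user, pw, ATTACKER_DNS))
        if status == 200:
            return True
    return False


def dns_tampered(router, expected=ISP_DNS):
    """The check a user can make: do the router's resolvers match the ISP's?"""
    return tuple(router.dns) != tuple(expected)


if __name__ == "__main__":
    victim = Router()                       # factory password, no CSRF checks
    print("default router reconfigured:", attack(victim), "->", victim.dns)
    print("unique password only:", attack(Router(password="correct horse")))
    print("hardened, default password:", attack(Router(hardened=True)))
```

Run stand-alone, the script shows that the factory-configured router ends up pointing at the attacker's resolvers, that a unique password alone defeats the guessed-credential variant, and that the hardened router refuses even a correctly guessed default password. The `dns_tampered` check is the practical test for an already-deployed router: compare the resolvers on its status page with the ones the ISP assigned.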
 
Existing security solutions on the market today cannot protect against this type of attack: drive-by pharming reconfigures the user's router directly, whereas the existing solutions only protect the user's computer system.