Drive-By Pharming
Symantec has an excellent Flash animation explaining drive-by pharming, a technique by which attackers can steal your personal information and credentials by subverting the DNS settings in your router.
The attack is triggered by visiting a malicious web site which hosts some JavaScript code. This code attempts to log in to your home router using the default username and password (but you changed that, right?). If it is successful, it changes your router's DNS settings to point to a DNS server controlled by the attacker, allowing them to redirect your traffic to servers they control. They can make a website that looks like your bank; then, when you try to visit your bank online, you will actually be visiting their server, and there will be no visible sign that this isn't your bank.
They can then perform a man-in-the-middle attack, taking your login details and passing them on to the real bank, acting on your behalf, performing transactions as you request, and any of their own while they are there.
To protect yourself from this attack you should make sure you have changed the default password (and username if possible) on your router, and stay away from the shadier parts of the web.
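A check for the symptom described above, as an added example that is not part of the original post: it reads the resolvers a machine was handed (resolv.conf-style text) and flags any that are neither on your expected list nor on the local network. The sample addresses and the `EXPECTED` list are constructed assumptions; when the router proxies DNS the machine sees only the router's address, so a "local" result still means checking the DNS setting on the router itself.

```python
import ipaddress

# Address ranges that normally mean "the router itself or another LAN host".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_nameservers(text):
    """Return the address strings from 'nameserver' lines of resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        # Drop comments, then split the remaining line into fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def audit_resolvers(text, expected):
    """Map each configured resolver to 'expected', 'local', 'unexpected' or 'invalid'."""
    allow = {ipaddress.ip_address(a) for a in expected}
    report = {}
    for raw in parse_nameservers(text):
        try:
            ip = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            report[raw] = "invalid"
            continue
        if ip in allow:
            report[raw] = "expected"
        elif any(ip in net for net in LOCAL_NETS):
            report[raw] = "local"       # router proxies DNS; check its settings too
        else:
            report[raw] = "unexpected"  # a resolver nobody on this network chose
    return report

# Constructed sample: documentation-range addresses, not real resolvers.
SAMPLE = """# generated by DHCP client
nameserver 192.0.2.53
nameserver 203.0.113.66
nameserver 192.168.1.1
"""
EXPECTED = ["192.0.2.53"]  # assumption: the resolver you or your ISP configured

if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE, EXPECTED).items():
        print(f"{server:15} {verdict}")
```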
Labels: security






