If you own or buy a Linksys, D-Link or Netgear wired or wireless router/firewall box to share your broadband throughout your household, make sure you change the administrator password on that unit from the factory default. It doesn't matter if your router does not accept administrative connections from the outside - this attack comes from the inside of your network. (Most routers now ship with external admin access turned off, although you can turn it on if you need to get to your router remotely . . . but again, make sure you set a STRONG admin password if you turn that option on for any reason.)
In the background, out of your sight, the script looks up your network's internal gateway address. It then attempts to log on to your router's admin panel using that IP. It can guess the password from one of about five typical login combinations that are widely used by almost all home router manufacturers as their factory setting. It takes advantage of the fact that many owners never change that password.
Once it has control, it changes the DNS settings on your router to point at a hacker's "poisoned" DNS server. The idea is that when you browse to your bank (for example) using the correct URL or bookmark, the router looks at the compromised DNS server and sends you off to a phishing site that could look exactly like your bank's login site. From there they capture your user ID, password, and of course your bank account.
Simply logging into your router's panel and changing the Admin password to your own unique password will stop this attack.
1) Open your network settings, and look at the Status of your LAN connection. In Windows click on the Support tab. (Not sure how to get this on a Mac, anyone that knows feel free to chime in.) You should see a gateway IP address listed.
2) Enter that IP address into the URL field in any web browser. That's the address for your router's administration panel.
3) You will see a request to log in. Try these combinations (or refer to your router's owner's manual):
Once you log in successfully, you will see your router's control panel.
4) Refer to your owner's manual, or surf the control panel (usually under Setup, or Password, or Administrative Settings) for the Administrator's Password reset. Enter the old password (factory default) in the first field, and your new password twice in the second and third fields, then save or apply your settings.
5) Close your browser, and re-open it to the same gateway IP address, and test the login with your new password. Do NOT check any box that offers the option to remember your password.
Voila, you will not be vulnerable to this particular attack.
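A follow-up check, added here as an example and not part of the original post: because the attack works by rewriting the router's DNS settings, this script finds the gateway address from routing-table text (the output of `ip route` on Linux or `netstat -rn` on macOS) and flags any DNS server in resolv.conf text that is neither the gateway nor on a list you trust. The sample inputs are constructed, the function names are hypothetical, and it assumes a Unix-like machine whose resolver list lives in `/etc/resolv.conf`.

```python
import ipaddress
import re

# Constructed sample inputs, not captured from a real machine.
SAMPLE_ROUTE = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""
SAMPLE_RESOLV = """\
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 203.0.113.53
"""

def default_gateway(route_output):
    """Gateway IP from `ip route` (Linux) or `netstat -rn` (macOS) text."""
    for line in route_output.splitlines():
        m = re.match(r"\s*default\s+(?:via\s+)?(\d{1,3}(?:\.\d{1,3}){3})\b", line)
        if m:
            return m.group(1)
    return None

def nameservers(resolv_conf):
    """IP strings from the `nameserver` lines of resolv.conf text."""
    found = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found

def unexpected_resolvers(route_output, resolv_conf, trusted=()):
    """Resolvers that are neither the gateway nor on the trusted list."""
    allowed = {ipaddress.ip_address(a) for a in trusted}
    gateway = default_gateway(route_output)
    if gateway:
        allowed.add(ipaddress.ip_address(gateway))
    flagged = []
    for ns in nameservers(resolv_conf):
        try:
            if ipaddress.ip_address(ns) not in allowed:
                flagged.append(ns)
        except ValueError:  # malformed entry: report it rather than skip it
            flagged.append(ns)
    return flagged

if __name__ == "__main__":
    print("gateway:", default_gateway(SAMPLE_ROUTE))
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_ROUTE, SAMPLE_RESOLV))
```

A flagged address is a prompt to compare it with your ISP's published resolvers, not proof of tampering. If your computer lists only the gateway as its DNS server, the router is forwarding queries itself, so the DNS setting has to be checked in the router's control panel instead.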