Today I saw a Netgear DG834GT gateway poisoned with bad DNS servers (188.8.131.52 & 184.108.40.206). Even though the router had a strong password set, an infected machine within the network had found a way to change these settings. Because of this the user was getting lots of popups and diverted to different sites whilst browsing.
This is something I hadn’t seen before (well not on a strong password-protected box at least). There must be vulnerabilities with the firmware of the Netgear despite it already running the latest firmware (v1.03.23).
I hope we don’t see more of this type of attack.