Today I saw a Netgear DG834GT gateway poisoned with bad DNS servers (213.109.66.237 & 213.109.65.28). Even though the router had a strong password set, an infected machine within the network had found a way to change these settings. Because of this, the user was getting lots of popups and being diverted to different sites whilst browsing.
This is something I hadn’t seen before (well, not on a strong password-protected box at least). There must be vulnerabilities in the firmware of the Netgear, despite it already running the latest firmware (v1.03.23).
I hope we don’t see more of this type of attack.
