While malicious domain name resolution can result from compromises in the large numbers of trusted nodes that participate in a name lookup, the most vulnerable points of compromise are near the leaves of the internet. For instance, incorrect entries in a desktop computer’s Hosts file, which circumvents name lookup with its own local name to IP address mapping, is a popular target for malware. Once rewritten, a legitimate request for a sensitive website can direct the user to a fraudulent copy. Desktops are often better targets for pharming because they receive poorer administration than most internet servers.
Alternatively, many routers have the ability to replace their firmware (i.e. the internal software that executes the device’s more complex services). Like malware on desktop systems, a firmware replacement can be very difficult to detect. A stealthy implementation will appear to behave the same as the manufacturer’s firmware; the administration page will look the same, settings will appear correct, etc. Pharming is only one of many attacks that malicious firmware can mount; others include eavesdropping, active man in the middle attacks, and traffic logging. Like misconfiguration, the entire LAN is subject to these actions.
By themselves, these pharming approaches have only academic interest. However, the ubiquity of consumer grade wireless routers present a massive vulnerability. Administrative access is available wirelessly on most of these devices. Moreover, since these routers often work with their default settings, administrative passwords are commonly unchanged. Even when altered, many are guessed quickly through dictionary attacks, since most consumer grade routers don’t introduce timing penalties for incorrect login attempts. Once administrative access is granted, all of the router’s settings including the firmware itself may be altered. These factors conspire to make drive-by router compromise a clear and present threat. These attacks are difficult to trace because they occur outside the home or small office and outside the internet.
Source : wikipedia