"We recently saw instances of actual attackers attempting a basic version of drive-by pharming. Given the simplicity of the attack and the potential widespread implications, we always felt that it would simply be a matter of time before it happened. The building blocks have been out there for some time and anyone with sufficient familiarity could easily put them together. I’ve said before and I’d like to reiterate that the technical details of the attack are not nearly as noteworthy as the potential widespread implications.
In one real-life variant that we observed, the attackers embedded the malicious code inside an email that claimed it had an e-card waiting for you at the Web site gusanito.com. Unfortunately the email also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site." – Content courtesy of Symantec Security Response Weblog: Drive-by Pharming in the Wild