Wireless routers leave people wide open to attacks on their PCs says security firm Symantec.

Its Security Response, in conjunction with Indiana University School of Informatics, has found that that many broadband users are vulnerable to a type of attack called "pharming" due to an unsecured router.

In a Drive-by pharming attack, a hacker lures a person to a malicious website which then automatically launches malicious JavaScript code to change the DNS or Domain Name System of the person's router.

The hacker is able to change the DNS because most people don't bother to change the default password on their broadband router.

By changing the DNS settings, hackers are able to switch real websites with their fake sites, so that a person visiting their online banking system will be directed to the hacker's fake, but realistic-looking site, where he can record the user name and password.

Symantec Security Response recommends that users change their router's password when they set it up, and use a hefty internet security software suite.

The company has also encouraged router manufacturers to change their system so that each router can be set up with a unique password.