So compromising one DNS lookup is sufficient, ex:

1. Home router compromised, DHCP/DNS settings changed.

2. Report a wrong (malicious) IP for ww2.ati.com.

3. For HTTP traffic, it snoops and looks for opportunities to inject a malicious binary.

4. HTTPS traffic is passed through unchanged.

__________

If anyone still has their home-router using the default admin password, consider this a little wake-up call: Even if your new password is on a sticky-note, that's still a measurable improvement.

The risks continue, though:

* If the victim's router settings are safe, an attacker on the LAN may use DHCP spoofing to trick the target into using a different DNS server.

* The attacker can set up an alternate network they control, and trick the user into connecting, like for a real coffee shop, or even a vague "Free Wifi."