BROADBAND users are at risk from a newly identified network threat that could let criminals prey on web surfers.

Up to 50% of home broadband customers may be susceptible to a type of attack known as "drive-by pharming", experts warn. It only affects those who have left their broadband routers with the default password.

Simply by viewing a rogue website, without downloading software, they could unwittingly allow their bank accounts to be targeted.

Visiting the site activates a system that re-routes the user away from his or her normal server.

Without realising it, victims are connected to the criminals' server, which directs them elsewhere on the internet so the next time they log onto their bank, to check an account or pay a bill, the new server shows a replica bank site possibly even an exact copy of the real one.

The victim's user name and password can then be stolen, allowing the attacker to access the real bank site and rob the account of funds.

Broadband routers employ different systems and not all are vulnerable to drive-by pharming. But experts say up to 50% of popular wireless routers could be at risk.

Dr Zulfikar Ramzan, of software firm Symantec, said they had only just discovered the threat.

He told the American Association for the Advancement of Science in San Francisco: "The attacker will try to get you to go to his website.

"It might be a new video of Britney Spears with her bald head; gossip, celebrity pictures, or pornography.

"All you have to do is look at it. They say curiosity killed the cat - now it may also kill your bank account."

It is not known whether anyone has yet fallen victim to drive-by pharming, but Dr Ramzan said he felt it was essential to warn people of the threat.

He added: "We are working night and day to find ways of defending against these threats."

Symantec is looking at new systems that can monitor the behaviour of a program and spot when it is acting strangely. Avoid 'pharming'

•One way to guard against drive-by pharming is to change the default internal password used by the router.

•Be very wary of clicking on any links or sites that seem in any way suspicious.