Sophisticated phishing malicious malware software now uses DNS to direct users to fraudulent sites

When a phisher (or any other attacker) can tamper with your DNS settings (or hosts file or whatever) you have far more serious problems than a phishing attempt.

On every reasonably configured system this is a non-issue, because normal users simply cannot tamper with these settings.

cu

One version of this scenario is a hacker gets into the home router settings because the user hasn't changed the default password and changes the DNS server settings there. I don't know how vulnerable routers are to this possibility, but it motivated motivated me to set a seriously hardened password on the configuration.

^^^^^^^^^^^^^^^^^^^^^

I underlined the operative words for your convenience. "Default password" does not match the criteria.

They are.

Good idea. You should also disable UPnP.

cu