Are you a victim of recent router hijacks?

Last week more than 300,000 home broadband routers had been infected by a new Domain Name System (DNS) redirection exploit. This exploit redirects your internet traffic to phishing servers that could then be used to gather personal information about the user, or even account logins and passwords.

AAISP’s customers in the United Kingdom were effected by a related exploit which changed the DNS settings on their routers.

Customers of PlusNet have also been experiencing the same problem:

A Spokesperson for PlusNet said:

Since last week, we’ve seen an increase in the amount of malicious DNS traffic being directed through to Plusnet IP ranges.

It appears that some of our customers, (and no doubt a number of other people out on the internet) running TP-Link, Linksys and Edimax routers have been compromised due a vulnerability which appears to allow the allocated DNS server in the router to be changed.

This means requests to domains like Facebook or Google are being redirected on ALL devices behind the router to a website which contains a malicious payload disguised as a Flash update.”

But the question is, will this exploit affect you?

The majority of affected routers are simple devices that are still using the default settings that they were provided with, this is not that surprising as few users pay attention to this.

Business grade systems that are professionally setup and regularly updated are unlikely to be affected. With attacks such as these rapidly increasing in regularity applying some focus to security sooner rather than later is advised.

Security0 comments