New router malware injects ads and porn into websites

Scorpus


A new variant of router malware has been uncovered that injects unwarranted ads and pornography into websites by modifying the router's DNS settings. Thanks to a clever implementation, this malware can hijack nearly every website on the internet for malicious purposes.

Uncovered by Ara Labs, this variant of router malware intercepts the Google Analytics code found in most websites, redirecting requests to the attacker's server that sends back ads and porn in response. As so many websites use Google Analytics for traffic statistics, it becomes the perfect target for this sort of DNS attack.

As the malware injects ads and porn into nearly every website a user browses to, the attackers can sell ad spots and generate revenue for themselves. It can be quite a lucrative business if they can infect a large number of routers.

The malware finds its way into routers by exploiting the fact that many people don't change their router's default login credentials. It also attempts to send unauthenticated configuration requests to routers, which some models are vulnerable to. Ara Labs didn't specify what routers are affected, but keeping your router's firmware up to date and changing the default login credentials are good ways to keep secure.

It's also worth noting that traditional anti-virus software won't pick up router-based malware, as no component of the malware is actually installed on your PC. This makes it especially difficult to combat and remove on a user's network.

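Added example (not part of the original story or Ara Labs' research): since the infection lives in the router's DNS settings rather than on the PC, one client-side check is to audit which resolvers the machine was handed and whether its answers for the analytics hostname agree with a resolver you trust. The allow-list, the sample resolv.conf text and all IP addresses below are constructed assumptions (documentation ranges), and the answer sets stand in for lookups you would collect yourself.

```python
import ipaddress

# Constructed sample: resolver config as a client might receive it via DHCP.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
nameserver 192.168.1.1
nameserver 203.0.113.53
search home.lan
"""
# Assumption: the resolvers this network is supposed to use.
EXPECTED_RESOLVERS = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}

# Constructed answers: what the local resolver returned vs. a trusted one.
LOCAL_ANSWERS = {"www.google-analytics.com": ["203.0.113.80"],
                 "example.org": ["192.0.2.10"]}
REFERENCE_ANSWERS = {"www.google-analytics.com": ["198.51.100.7", "198.51.100.8"],
                     "example.org": ["192.0.2.10", "192.0.2.11"]}

def parse_nameservers(text):
    """Return valid nameserver IPs from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue  # ignore malformed entries
    return servers

def unexpected_resolvers(servers, expected):
    """Resolvers in use that are not on the allow-list."""
    allowed = {str(ipaddress.ip_address(e)) for e in expected}
    return [s for s in servers if s not in allowed]

def divergent_answers(local, reference):
    """Hostnames whose local answers share no address with the reference."""
    flagged = []
    for host, local_ips in local.items():
        ref_ips = reference.get(host)
        if ref_ips and not set(local_ips) & set(ref_ips):
            flagged.append(host)
    return sorted(flagged)

if __name__ == "__main__":
    servers = parse_nameservers(SAMPLE_RESOLV_CONF)
    print("unexpected resolvers:", unexpected_resolvers(servers, EXPECTED_RESOLVERS))
    print("divergent hostnames:", divergent_answers(LOCAL_ANSWERS, REFERENCE_ANSWERS))
```

The resolver audit only catches a rogue DNS server pushed to clients; if the router keeps handing out its own address and forwards to the attacker upstream, the answer comparison is the check that shows it. Large sites legitimately return different addresses to different resolvers, so a divergent hostname is a reason to inspect the router's DNS settings, not proof of compromise.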

 
So basically the same old story, change your well known default passwords on everything.
 
I had a customer whose router DNS was changed and the only way we knew was Malwarebytes was basically blocking any website we tried to go to including google.com. So Malwarebytes Pro could at least alert you to this type of infection.
 
I had a customer whose router DNS was changed and the only way we knew was Malwarebytes was basically blocking any website we tried to go to including google.com. So Malwarebytes Pro could at least alert you to this type of infection.

Glad I have Malwarebytes Pro, too. Thanks for sharing the experience.
 
Yes, once the address of the DNS is hacked, you're up-a-creek!

As suggested above, reset the router and immediately change the login password. Also disable remote management altogether.

You can also benefit by replacing your ISP DNS addresses with the Google 8.8.8.8 & 8.8.4.4
 
Fine, but many are thinking other-way-round; avoid unrequested content and their ads
 
Fine, but many are thinking other-way-round; avoid unrequested content and their ads
After eight and a half years of me here, I'm hoping you didn't take my earlier comment seriously..

With that said, I'd absolutely prefer to go to the "erotic art", than have it come to me.
 
That's one of the very 1st things I do, when I buy a new modem or router.

1) Upgrade the firmware.
2) Change the default login.
3) Or even better, if your modem/router is supported, you could flash the DD-WRT firmware.
 