TechSpot

New router malware injects ads and porn into websites

By Scorpus
Mar 26, 2015
Post New Reply
  1. ads porn router malware google analytics dns hack

    A new variant of router malware has been uncovered that injects unwarranted ads and pornography into websites by modifying the router's DNS settings. Thanks to a clever implementation, this malware can hijack nearly every website on the internet for malicious purposes.

    Uncovered by Ara Labs, this variant of router malware intercepts the Google Analytics code found in most websites, redirecting requests to the attacker's server that sends back ads and porn in response. As so many websites use Google Analytics for traffic statistics, it becomes the perfect target for this sort of DNS attack.

    As the malware injects ads and porn into nearly every website a user browses to, the attackers can sell ad spots and generate revenue for themselves. It can be quite a lucrative business if they can infect a large number of routers.

    The malware finds its way into routers by exploiting the fact that many people don't change their router's default login credentials. It also attempts to send unauthenticated configuration requests to routers, which some models are vulnerable to. Ara Labs didn't specify what routers are affected, but keeping your router's firmware up to date and changing the default login credentials are good ways to keep secure.

    It's also worth nothing that traditional anti-virus software won't pick up router-based malware, as no component of the malware is actually installed on your PC. This makes it especially difficult to combat and remove on a user's network.

    Permalink to story.

     
  2. seefizzle

    seefizzle TS Addict Posts: 278   +142

    What a wonderfully hilarious virus.
     
    SalaSSin likes this.
  3. So basically the same old story, change your well known default passwords on everything.
     
    jobeard likes this.
  4. Jim$ter

    Jim$ter TS Booster Posts: 156   +31

    I had a customer who's router DNS was changed and they only way we knew was malwarebytes was basically blocking any website we tried to go to including google.com. So malwarebytes pro could at least alert you to this type of infection.
     
    gamoniac and BlueDrake like this.
  5. gamoniac

    gamoniac TS Addict Posts: 293   +69

    Glad I have Malwarebytes Pro, too. Thanks for sharing the experience.
     
  6. jobeard

    jobeard TS Ambassador Posts: 9,342   +622

    Yes, once the address of the DNS is hacked, you're up-a-creek!

    as suggested above, reset the router and immediately change the login password. Also disable remote management altogether.

    you can also benefit by replacing your ISP dns addresses with the google
    8.8.8.8 &
    8.8.4.4
     
    cliffordcooley likes this.
  7. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    All free porn comes with ads anyway, so what's the problem?:confused:
     
  8. jobeard

    jobeard TS Ambassador Posts: 9,342   +622

    Fine, but many are thinking other-way-round; avoid unrequested content and their ads
     
  9. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    After eight and a half years of me here, I'm hoping you didn't take my earlier comment seriously..

    With that said, I'd absolutely prefer to go to the "erotic art", than have it come to me.
     
  10. jobeard

    jobeard TS Ambassador Posts: 9,342   +622

    :GRIN: that's the problem with satire
     
  11. infiltrator

    infiltrator TS Booster Posts: 141   +21

    That's one of the very 1st things I do, when I buy a new modem or router.

    1) Upgrade the firmware.
    2) Change the default login.
    3) Or even better, if your modem/router is supported, you could flush the DD-wrt firmware.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...