A new variant of router malware has been uncovered that injects unwarranted ads and pornography into websites by modifying the router's DNS settings. Thanks to a clever implementation, this malware can hijack nearly every website on the internet for malicious purposes.
Uncovered by Ara Labs, this variant of router malware intercepts the Google Analytics code found in most websites, redirecting requests to the attacker's server that sends back ads and porn in response. As so many websites use Google Analytics for traffic statistics, it becomes the perfect target for this sort of DNS attack.
As the malware injects ads and porn into nearly every website a user browses to, the attackers can sell ad spots and generate revenue for themselves. It can be quite a lucrative business if they can infect a large number of routers.
The malware finds its way into routers by exploiting the fact that many people don't change their router's default login credentials. It also attempts to send unauthenticated configuration requests to routers, which some models are vulnerable to. Ara Labs didn't specify what routers are affected, but keeping your router's firmware up to date and changing the default login credentials are good ways to keep secure.
It's also worth nothing that traditional anti-virus software won't pick up router-based malware, as no component of the malware is actually installed on your PC. This makes it especially difficult to combat and remove on a user's network.