- DNSChanger Malware is back! Hijacking Routers to Target Every Connected Device
Researchers have discovered that attackers are targeting online users with an exploit kit called DNSChanger. According to research malware is distributed via online advertising that hides malicious code in image. DNSchanger malware that infected millions of computers across the world in 2012. DNSChanger works by changing DNS server entries in infected computers to point to malicious servers under the control of the attackers, rather than the DNS servers provided by any ISP or organization, after that infected systems are redirecting on social sites .Attackers could also inject ads, redirect search results, or attempt to install drive-by downloads. Working scenario of this malware is Firstly, the ads on mainstream websites hiding malicious code in image data redirects victims to web pages hosting the DNSChanger exploit kit. The exploit kit then targets unsecured routers. Once the router is compromised, the DNSChanger malware configures itself to use an attacker-controlled DNS server, causing most computers and devices on the network to visit malicious servers, rather than those corresponding to their official domain. Affected Routers: According to router affected routers are D-Link DSL-2740R, NetGear WNDR3400v3 (and likely other models in this series), Netgear R6200, COMTREND ADSL Router CT-5367 C01_R12, Pirelli ADSL2/2+ Wireless Router P.DGA4001N
Cyber Security Tips: Users are advised to ensure that their routers are running the latest version of the firmware and are protected with a strong password, also disable remote administration, change its default local IP address, and hardcode a trusted DNS server into the operating system network settings.