Brian Krebs reports for the Washinton Post.
Malware Silently Alters Wireless Router Settings
Philip Sloss, a software engineer for myNetwatchman.com, said he first observed the activity while examining a Zlob variant distributed on May 22. The DNS hijack occurs, he said, during the installer program, so by the time the user sees the fake codec installer screen, the malware has already attempted to change DNS settings on the victim’s router.
I reached out to researchers at Sunbelt Software to check Sloss’s data, and Sunbelt was able to confirm that the malware successfully changed the DNS settings on a Linksys router (model BEFSX41), pulled straight out of the factory box (with the default username and password). Another test showed that the Zlob variant successfully changed the DNS settings on a Buffalo router running the DD-WRT open source firmware.
Sunbelt also found that if there are multiple machines using the same router, all of the systems connected to that router will have their traffic hijacked.
{ 0 comments… add one now }