Researchers have discovered malware that attacks routers and then injects ads and pornography on websites that the user visits. Once the malware has been given access to the router, which is done by default usernames and passwords, the DNS settings are changed.
The Domain Name System (DNS) is similar to the directory and translates among other domain names into IP addresses. By adjusting the DNS of the router can fit criminals traffic from users via their server running. Most operating systems are configured to use the DNS settings of the router. Once a computer or other device to connect to the router, the custom DNS settings will be used.
With this modified DNS settings, it is possible for users to send by other websites, even if they tap the correct address in the address bar of the browser. In the case of custom DNS settings are requests to google-analytics.com intercepted. When users visit a website that used Google Analytics she redirected to a fake Google Analytics site.
Google Analytics is a service that allows websites to gain insight into the use of their website. If a website is viewed with Google Analytics, Google Analytics Javascript code which will download and run, after which the user's view is counted in the survey. Once the user to the fake Google Analytics site is redirected he gets malicious Javascript code which is then presented with advertisements and pornography on the website visited then injects.
Researchers from Ara Labs , which the malware discovered , argue that it is not a vulnerability in Google Analytics, but that the service because of the great popularity is the target. The makers of the malware get paid again to generate traffic to the websites and ads shown. To prevent the attack Internet users are advised to update the firmware on their router and change the default password.
No comments:
Post a Comment