Recently, a well-known security researcher showed that vulnerabilities in popular routers actively attacked by malware, but also weak and default passwords appear to be a way through which attackers take control of the devices. Anti-virus company Trend Micro warns of DNS changer malware. The malware executes from the internal network user brute force attacks on the administrator interface of the router.
Then, the DNS settings are adjusted. The Domain Name System (DNS) is similar to the directory and translates among other domain names into IP addresses. By adjusting the DNS of the router can fit criminals traffic from users via their server run.Most operating systems are configured to use the DNS settings of the router. Once a computer or other device connected to the router, the custom DNS settings will be used. This allows users of the assailants attacked router forwarding to as phishing sites or into downloading malware.
"Keep Custom DNS settings that users do not know if they navigate to reliable or fake websites," says Fernando Merces. He notes that users who have not changed the default password of the router particular risk. The attack begins via a phishing attack, which points to a page with a script. This script then runs from the internal network brute-force attack on the router.Because the browser is running the script, the traffic is sent to the router as an internal request.
The script use the assailants attempting to both the IP address and password of the router councils. The script supports different models and manufacturers, among others TP-Link and D-Link. The attacks seem focused on Brazil, where 88.3% of the attacked device was observed, followed by the US (2.9%) and Japan (1.3%). Users are advised to use secure passwords for all accounts on the router, change the default IP address and disable the remote management features. In addition, Firefox NoScript is recommended that the execution of scripts can block in the browser.
No comments:
Post a Comment