Home routers under attack in ongoing malvertisement blitz
'As you read these words, malicious ads on legitimate websites are targeting visitors with malware. But that malware doesn't infect their computers, researchers said. Instead, it causes unsecured routers to connect to fraudulent domains. Using a technique known as steganography, the ads hide malicious code in image data. The hidden code then redirects targets to webpages hosting DNSChanger, an exploit kit that infects routers running unpatched firmware or are secured with weak administrative passwords. Once a router is compromised, DNSChanger configures it to use an attacker-controlled domain name system server. This causes most computers on the network to visit fraudulent servers, rather than the servers corresponding to their official domain.' -- source: http://arstechnica.com/security/2016/12/home-routers-under-attack-in-ongoing... Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/
On Mon, 19 Dec 2016 10:43:02 Peter Reutemann wrote:
'As you read these words, malicious ads on legitimate websites are targeting visitors with malware. But that malware doesn't infect their computers, researchers said. Instead, it causes unsecured routers to connect to fraudulent domains.
Using a technique known as steganography, the ads hide malicious code in image data. The hidden code then redirects targets to webpages hosting DNSChanger, an exploit kit that infects routers running unpatched firmware or are secured with weak administrative passwords. Once a router is compromised, DNSChanger configures it to use an attacker-controlled domain name system server. This causes most computers on the network to visit fraudulent servers, rather than the servers corresponding to their official domain.'
-- source: http://arstechnica.com/security/2016/12/home-routers-under-attack-in-ongoin g-malvertisement-blitz/
Cheers, Peter
A comment on this page: https://it.slashdot.org/story/16/12/14/2059217/malvertising-campaign-infects... your-router-instead-of-your-browser Suggests doing the following: In Firefox, go to about:config and set these preferences: media.peerconnection.enabled = false media.peerconnection.video.enabled = false media.peerconnection.turn.disable = true media.peerconnection.use_document_iceservers = false Wayne
participants (2)
-
Peter Reutemann -
Wayne Rooney