The report released by Team Cymru says that more than 300,000 routers have already been hijacked, with the spread mostly affecting devices in Europe and Asia; Vietnam, India, Italy and Thailand lead in the number of victims.
Figure: Geographical distribution of the spread
Affected router brands, including D-Link, TP-Link, Micronet, Tenda and many others, were found to be vulnerable to multiple exploit techniques, including a recently disclosed authentication bypass vulnerability in ZyXEL firmware and Cross-Site Request Forgery (CSRF) techniques similar to those reported in late 2013, the report said.
Affected devices had their DNS settings changed to use the IP addresses 5.45.75.11 and 5.45.75.36. As with the DNS Changer malware, unwitting victims are vulnerable to a loss of service if the malicious servers are taken down, as both primary and secondary DNS IP addresses are overwritten, complicating mitigation.
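A defender's check for the condition described above, as an added example that is not part of the report or the original article: it reads a host's resolver list from `resolv.conf` or `ipconfig /all` text and flags the two addresses named here. The function names and sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Resolver addresses the report names as the attacker-controlled DNS servers.
ROGUE_RESOLVERS = {ipaddress.ip_address(a) for a in ("5.45.75.11", "5.45.75.36")}

_IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
_NAMESERVER = re.compile(r"^\s*nameserver\s+" + _IPV4 + r"\s*$")      # resolv.conf
_WIN_DNS = re.compile(r"^\s*DNS Servers[ .]*:\s*" + _IPV4 + r"\s*$")  # ipconfig /all
_CONTINUATION = re.compile(r"^\s+" + _IPV4 + r"\s*$")  # ipconfig's 2nd, 3rd... server

# Constructed sample inputs (not taken from the report).
SAMPLE_RESOLV = """# client that took both resolvers from a hijacked router
nameserver 5.45.75.11
nameserver 5.45.75.36
"""
SAMPLE_IPCONFIG = """   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 5.45.75.36
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def extract_resolvers(text):
    """Return the configured resolver IPs, in order, from either text format."""
    resolvers, in_dns_block = [], False
    for line in text.splitlines():
        win = _WIN_DNS.match(line)
        cont = _CONTINUATION.match(line) if in_dns_block else None
        hit = _NAMESERVER.match(line) or win or cont
        in_dns_block = bool(win or cont)
        if hit:
            try:
                resolvers.append(ipaddress.ip_address(hit.group(1)))
            except ValueError:
                pass  # looks like a dotted quad but is out of range, e.g. 999.1.1.1
    return resolvers

def assess(text):
    """Classify a host's resolver configuration against the reported addresses."""
    resolvers = extract_resolvers(text)
    rogue = [str(r) for r in resolvers if r in ROGUE_RESOLVERS]
    if not resolvers:
        status = "no-resolvers"
    elif not rogue:
        status = "clean"
    elif len(rogue) == len(resolvers):
        status = "fully-hijacked"  # no fallback resolver left, as the report describes
    else:
        status = "partially-hijacked"
    return {"status": status, "rogue": rogue}
```

A `fully-hijacked` result is the case the report warns about: the host has no legitimate resolver to fall back on, so resolver settings need to be restored on the router itself rather than only on the client.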
These attacks had similarities with a recent attack in Poland, in which hackers used hijacked routers to redirect victims to phishing websites to grab their online banking credentials.
Team Cymru said they have reported the incident to the affected router brands, ISPs and law enforcement agencies.