300,000 home routers hijacked, can be used to redirect users to anywhere the hacker wants.

A widespread compromise of more than 300,000 home and small-business routers allows the attacker to alter the DNS configuration on the victims' devices. This lets the attacker change the IP address of the server that is returned when a user requests a website by entering its URL. The attacker can lead the victim to a phishing site, inject adverts or malware into web pages, and even poison search results.


The report released by Team Cymru says that more than 300,000 routers have already been hijacked. The compromise has mostly affected devices in Europe and Asia, with Vietnam, India, Italy and Thailand leading in the number of victims.

[Figure: Geographical distribution of the widespread compromise]

Affected router brands include D-Link, TP-Link, Micronet, Tenda and many others. According to the report, they were found to be vulnerable to multiple exploit techniques, including a recently disclosed authentication bypass vulnerability in ZyXEL firmware and Cross-Site Request Forgery (CSRF) techniques similar to those reported in late 2013.

Affected devices had their DNS settings changed to use the IP addresses 5.45.75.11 and 5.45.75.36. As with the DNS Changer malware, unwitting victims are vulnerable to a loss of service if the malicious servers are taken down, as both primary and secondary DNS IP addresses are overwritten, complicating mitigation.
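A host may list these addresses as its resolvers when the router passes its DNS settings to clients through DHCP (an assumption about the network setup). The Python check below is an added example, not taken from the Team Cymru report; it parses resolv.conf or `ipconfig /all` style text and flags the two addresses named above, and its function names and sample inputs are constructed for illustration.

```python
import ipaddress

# Rogue resolver addresses reported in the article.
ROGUE_RESOLVERS = {ipaddress.ip_address(a) for a in ("5.45.75.11", "5.45.75.36")}

def _parse_ip(token):
    """Return an ip_address for token, or None if it is not an IP literal."""
    try:
        return ipaddress.ip_address(token.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return None

def extract_resolvers(text):
    """Collect DNS servers from resolv.conf or `ipconfig /all` style text."""
    found, in_dns_block = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # ignore resolv.conf comments
        fields = line.split()
        if len(fields) >= 2 and fields[0].lower() == "nameserver":
            ip, in_dns_block = _parse_ip(fields[1]), False
        elif line.lower().startswith("dns servers") and ":" in line:
            ip, in_dns_block = _parse_ip(line.split(":", 1)[1].strip()), True
        elif in_dns_block and _parse_ip(line) is not None:
            ip = _parse_ip(line)  # continuation line listing another server
        else:
            ip, in_dns_block = None, False
        if ip is not None:
            found.append(ip)
    return found

def audit(text):
    """Classify a host's resolver list against the rogue addresses."""
    resolvers = extract_resolvers(text)
    rogue = [ip for ip in resolvers if ip in ROGUE_RESOLVERS]
    if not rogue:
        return "clean", []
    # "all-rogue": primary and secondary both overwritten, so no fallback remains
    verdict = "all-rogue" if len(rogue) == len(resolvers) else "partial"
    return verdict, [str(ip) for ip in rogue]

# Constructed sample inputs (not captured from a real host).
SAMPLE_RESOLV = "# pushed by DHCP\nnameserver 5.45.75.11\nnameserver 5.45.75.36\n"
SAMPLE_IPCONFIG = (
    "   DNS Servers . . . . . . . . . . . : 192.168.1.1\n"
    "                                       5.45.75.36\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)
```

An "all-rogue" verdict corresponds to the case described above, where the host loses name resolution entirely if the malicious servers are taken down.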

These attacks had similarities with a recent attack in Poland, in which hackers used hijacked routers to redirect victims to phishing websites to grab their online banking credentials.

Team Cymru said they have reported the incident to the affected router brands, ISPs and law enforcement agencies.

Abhishek Kumar Jha