
Over 300,000 home and small office routers infected by malware

Hackers operating a wide-scale malware attack could have affected over 300,000 wireless routers across the world, a report reveals. 

Researchers at Team Cymru say that the attack is not limited to one type or brand of device, noting that D-Link, Micronet, Tenda and TP-Link routers have been compromised. 

While only a small number of people are thought to have been affected in the UK, the attack is seen as part of a growing trend. 

You're mine now: Changes to DNS settings could redirect customers to scam sites

The largest number of affected devices are located in Vietnam, Italy, Thailand, Indonesia, Colombia, Turkey, Ukraine, Bosnia and Herzegovina, and Serbia. 

The routers were all of the SOHO (Small Office, Home Office) variety, similar to the type of kit the average domestic customer uses in the home, and all of the passwords had been changed from the default admin name. 

Changing the default passwords of your home broadband router and picking a strong password is a standard security measure everyone should undertake when setting up a new bit of hardware. 

Compromised devices would have had DNS settings altered by the attack, potentially exposing customers to fake bank sites, phishing sites and other forms of attack. 

Hacked devices will have their DNS redirected to one of two IP addresses, either 5.45.75.11 or 5.45.75.36. Team Cymru’s report advises that customers should check the DNS settings of their devices and, if possible, disable remote access. 
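One way to run that DNS check, as an added example that is not code from Team Cymru's report or this article: it scans text pasted from a client's resolv.conf or a router's status page for the two addresses above. The function name `audit_dns_text`, the verdict labels and the sample inputs are assumptions made for illustration.

```python
import ipaddress
import re

# The two resolver addresses named in the article.
ROGUE_RESOLVERS = {ipaddress.ip_address(a) for a in ("5.45.75.11", "5.45.75.36")}

# Whole dotted-quad tokens only, so 5.45.75.110 is not read as 5.45.75.11.
IPV4_TOKEN = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
DNS_HINT = re.compile(r"nameserver|dns", re.IGNORECASE)

# Constructed sample inputs (not taken from the report).
SAMPLE_RESOLV_CONF = """\
# constructed sample
search lan
nameserver 192.168.1.1
"""
SAMPLE_ROUTER_STATUS = """\
WAN IP Address: 203.0.113.20
Primary DNS: 5.45.75.11
Secondary DNS: 5.45.75.36
"""


def audit_dns_text(text):
    """Return (line_no, address, verdict) for every resolver found in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        # Skip comments and lines that do not describe a DNS setting.
        if stripped.startswith(("#", ";")) or not DNS_HINT.search(stripped):
            continue
        for token in IPV4_TOKEN.findall(stripped):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # not a valid IPv4 address, e.g. 999.1.1.1
            if addr in ROGUE_RESOLVERS:
                verdict = "rogue"
            elif addr.is_private:
                verdict = "local-forwarder"  # client only sees the router
            else:
                verdict = "other"
            findings.append((line_no, str(addr), verdict))
    return findings


if __name__ == "__main__":
    print(audit_dns_text(SAMPLE_RESOLV_CONF))
    print(audit_dns_text(SAMPLE_ROUTER_STATUS))
```

A "local-forwarder" verdict is not a clean bill of health: the client is only pointing at the router, so the router's own DNS fields still have to be read from its admin page and checked the same way.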

The report notes that there are similarities to an attack which affected customers of mBank, a Polish bank, between December 2013 and February 2014. Unlike this attack, Team Cymru has yet to identify whether or not those behind this latest attack are attempting to access people’s bank details or simply plan to expose compromised customers to different adverts or drive-by malware attacks. 

The report notes that intensive bank account transfers across a large and geographically diverse network would be hard to conduct, meaning a repeat of the mBank attack is unlikely. 

The recent discovery of a loophole in EE’s BrightBox broadband wireless router prompted a quick response and updates from the UK’s fifth largest ISP.

Image: Adam Thomas/Flickr
