Devilish DNS Attack Compromises 300,000 SoHo Routers

Pharming scheme lets attackers replace any URL with a malicious copycat site.

Security researchers at Team Cymru published the results of a study describing a DNS pharming attack that has compromised more than 300,000 small office and home (SoHo) routers around the world. The attack replaces the DNS settings in the router with the address of a DNS server controlled by the attackers. By controlling the DNS server, the attackers can route users to counterfeit websites to capture passwords and banking information or push rootkit-style intrusion tools onto the victim's network.

According to the report, most of the victims discovered so far are in Asia and Europe; however, the technique is equally effective in other parts of the world. Compromised routers apparently had their DNS server set to the addresses 5.45.75.11 or 5.45.75.36. Routers from several vendors are susceptible to the attack, including Tenda, TP-Link, D-Link, Micronet, and others.

03/04/2014
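
As an added example (not from the article or the Team Cymru report), the following Python sketch checks resolver settings for the two rogue DNS addresses named above. It parses `resolv.conf`-style text and Windows `ipconfig /all` output; the function names and sample inputs are constructed for illustration, and only IPv4 resolvers are handled.

```python
import ipaddress
import re

# Rogue resolver addresses named in the article.
ROGUE_RESOLVERS = {ipaddress.ip_address(a) for a in ("5.45.75.11", "5.45.75.36")}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_resolvers(text):
    """Return IPv4 DNS servers from resolv.conf or `ipconfig /all` text."""
    found, in_dns_block = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop resolv.conf comments
        if line.startswith("nameserver"):
            in_dns_block, candidates = False, IPV4.findall(line)
        elif line.startswith("DNS Servers"):
            in_dns_block, candidates = True, IPV4.findall(line)
        elif in_dns_block and line and ":" not in line:
            candidates = IPV4.findall(line)      # ipconfig continuation line
        else:
            in_dns_block, candidates = False, []
        for c in candidates:
            try:
                found.append(ipaddress.ip_address(c))
            except ValueError:
                pass                             # not a valid address, e.g. 999.1.1.1
    return found

def flag_rogue(text):
    """Return configured resolvers that match the reported rogue servers."""
    return sorted(str(ip) for ip in extract_resolvers(text) if ip in ROGUE_RESOLVERS)

# Constructed sample inputs (not captured from a real system).
SAMPLE_RESOLV_CONF = """# constructed sample
nameserver 5.45.75.11
nameserver 192.168.1.1
"""
SAMPLE_IPCONFIG = """   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 5.45.75.36
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        hits = flag_rogue(text)
        print(f"{name}: {'ROGUE ' + ', '.join(hits) if hits else 'no match'}")
```

A client only shows the router's upstream resolvers if the router hands them out over DHCP; when the router acts as a DNS forwarder, clients list the router's LAN address instead, so the DNS fields on the router's own administration page need the same check.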
