[ALUG] Exploit kit attacking SOHO routers
Andreas Tauscher
ta at geuka.net
Wed May 27 16:27:58 EAT 2015
An new exploitkit is targeting actual over 50 routers.
Actual if might be already more. This exploitkit seems to be actively
developed.
It is a java script distributed by compromised web sites. It is looking
for the local router, tries to identify it and then if a exploit for
this model is available trying this exploit or trying default passwords
to change DNS settings on the router.
With a changed DNS the attacker can redirect the victim to any place he
wants in order to steal logins, passwords, banking information, credit
card numbers.......
Details about the exploit kit are at:
http://malware.dontneedcoffee.com/2015/05/an-exploit-kit-dedicated-to-csrf.html
F-Secure has a check online is a suspicious DNS resolver is used:
https://campaigns.f-secure.com/router-checker/
How to protect:
Check if for your router a firmware upgrade is available and install it.
Change the default password.
Since the attack is coming from inside this will not protect you but do
it anyway: Disable access from outside to the admin interface.
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.habari.co.tz/pipermail/linux/attachments/20150527/83a1f6ce/attachment.pgp>
More information about the Linux
mailing list