Router Virus: What It Is, How It Installs, and What the 'Symptoms' Are

Technically, it is not malware, but the name alone is enough to scare. The so-called "router virus" pulls off its masterstrokes without the owner noticing, sneaking into a device that is crucial to your Internet connection yet totally vulnerable: the Wi-Fi router. With the power to change the DNS address and redirect browsing to fake websites, the goals are many, ranging from the massive display of ads, to profiting from systems like Google Ads, to the installation of malicious software that steals the victims' personal and banking data.


The Router Can Be Infected in Two Ways

The scam relies on two types of attacks.

One is remote, with no interaction from the router owner. The computer doesn't even need to be turned on, and no one needs to click on anything. All the changes happen inside the router itself, which runs software, the firmware, that is often full of flaws.


The second type comes through the Internet and requires user interaction. The user receives an email on any subject with a link to a website. Often, images in various file formats are used to run scripts inside email messages, which is exactly why most mail clients do not load images from unknown senders by default.

When the user clicks on that URL (either in a picture or in text), a series of scripts spring into action and issue a command to change the DNS of any router that still uses its default password, the one that comes pre-configured. Many people still do this: they never replace the password that came from the operator with a strong one.

The script tries to guess the router's login and change the DNS setting of the user's router. If the user has changed the default password, there is another step. The victim receives an email, clicks on the link, and the script tries to guess the password and fails. At that point a pop-up window opens asking for the router's password. If the user "hands it over", they will be infected and have their DNS changed, redirecting the sites they visit.

What Happens to an Infected Wi-Fi Network?

With the DNS changed, the router will direct all Internet browsing to websites that the criminal controls. This means that no active virus will be found on the computer. It affects every connected device, including your cell phone, as long as it is connected to the same network device.

There is no active virus left on the machine. So, technically, we don't classify this as malware.

Antivirus software has features that can detect DNS changes, especially when the user accesses online banking, payment, and account sites, which get an additional layer of protection. There is, however, no obvious and universal symptom. The most reliable sign that the user is in trouble is that the HTTPS security padlock disappears: the DNS redirects browsing to a fake, insecure website that steals bank details, e-mail credentials, whatever the criminal wants.

Another symptom is slow browsing, since you are sharing the criminal's infrastructure with several other victims. In some attacks, the criminal can avoid this, without slowing down the computer at all. With a larger infrastructure, the criminal can handle many people on the same network without any noticeable impact.
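Because the change lives in the router, it shows up on every client as an unexpected resolver in the DNS settings the router hands out. The following check is an added example, not code from the article or from either vendor it quotes: it parses resolv.conf-style text, flags any resolver that is neither the router's own LAN address nor on an assumed household allowlist, and compares answers obtained through the router-supplied resolver with those from a trusted one. The resolv.conf text, the allowlist and the answer sets are all constructed.

```python
import ipaddress
import re
# Constructed sample of what a router hands clients after its DNS was changed.
SAMPLE_RESOLV_CONF = """\
search lan
nameserver 192.168.0.1
nameserver 203.0.113.77
"""
# Assumed allowlist: resolvers the household chose on purpose.
TRUSTED_RESOLVERS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}
# RFC 1918 ranges, where a home router's own address lives.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nameservers(resolv_conf):
    """Nameserver addresses, in order, from resolv.conf text."""
    servers = []
    for line in resolv_conf.splitlines():
        m = re.match(r"nameserver\s+(\S+)", line.split("#", 1)[0].strip())
        if m:
            servers.append(m.group(1))
    return servers

def audit_resolvers(servers, trusted=TRUSTED_RESOLVERS):
    """Expected: the router itself (LAN address) or a trusted resolver.
    Any other public address is the sign that the router's DNS was changed."""
    findings = {}
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            findings[s] = "invalid"
            continue
        if any(ip in net for net in LAN_NETS):
            findings[s] = "lan"
        elif s in trusted:
            findings[s] = "trusted"
        else:
            findings[s] = "suspicious"
    return findings

def compare_answers(local, reference):
    """Names whose answer via the router-supplied resolver differs from a
    trusted resolver's (the redirection above). Inputs: name -> set of IPs."""
    return sorted(n for n in reference if local.get(n) != reference[n])

if __name__ == "__main__":
    local = {"bank.example": {"198.51.100.9"}, "wiki.example": {"203.0.113.5"}}
    ref = {"bank.example": {"192.0.2.20"}, "wiki.example": {"203.0.113.5"}}
    print(audit_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF)))
    print(compare_answers(local, ref))
```

In real use, replace the constructed text with the contents of the client's resolver configuration and feed `compare_answers` with lookups made through the router and through a trusted resolver.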

Why Would Anyone Do That?

It all depends on the criminal's goal. The scam may involve advertising banners, ads, and malicious links. As a result, the user starts to see far too many advertisements on the websites they visit, even on pages that traditionally carry none, such as Wikipedia, which lives on donations.

In addition to stealing financial data and causing harm to victims, scammers take advantage of features like AdSense, create fake websites full of advertising, and profit from the clicks you give them.

It's easy to tell when the focus is profiting from ads. Usually, the advertisement appears out of place in the desktop version of a site. Or, on a cell phone, the owner starts seeing sites with desktop rather than mobile advertising. Smart TVs, video game consoles, everything is vulnerable if it's a connected device.

"It is so silent and so fatal that it can control the navigation of all devices", warns Assolini, pointing out that all home devices are usually connected to the same router.

How to Avoid or Get Rid of the Router Virus?

Remember the two types of attacks mentioned at the beginning of the text? They make all the difference. In the first type, the criminal is exploiting a vulnerability, and there is only one way to fix it: updating the router's firmware. The updates include fixes for bugs and security holes.

However, updating the firmware is neither common nor very easy. If done poorly, it can turn the router into a brick: the device will no longer work on a network, a total loss. The simplest course, without having to think about firmware at all, is to replace the network device with a new one.

In the second case, in which there was user interaction (try to remember whether you did anything like that), the user just needs to change the password. When browsing, if a pop-up asks for a login and password, you shouldn't take any chances. That screen looks like a Windows dialog, not like a browser or a website.

Still, according to experts, good antivirus software can alert you when something is wrong. When the user lands on a fake bank website, the antivirus will report it and block access to the site. No such system will, however, prevent this from happening to the home router itself.

Fernando Mercês, a researcher at Trend Micro, also gave some important tips. Besides a good antivirus, he recommends browser plugins that control the execution of scripts, such as NoScript. Another of his suggestions is to change the IP of the modem/router to a "non-standard" one, which may require a technician so that everything goes smoothly.

A Nightmare for All Users

This type of attack affects any operating system: Mac OS, Windows, Linux, Android, iOS, Windows Phone, BlackBerry, all of them. It is also not yet possible to install an antivirus on the router, and all network devices have flaws. Some manufacturers are more concerned, others less careful. Those who care receive the vulnerability report and fix the firmware. However, users are not always aware of the updates or do not know how to apply them safely and properly.
