News

Over 20 Router Models Eyed by Hackers, Users Face Phishing Risks

2013-11-21

   In the past few days, Baidu Antivirus Security Center intercepted a Trojan named “Trojan.Win32.RouterAttacks.gen”, which makes infected computers probe for routers with vulnerabilities and wait for a chance to alter the router's DNS settings. Once the DNS is hijacked by the hacker, the user may be automatically sent to phishing sites deliberately constructed by hackers while accessing online banks, online shopping sites or social networks like Facebook. Accessing these phishing sites will expose users' password information or, more seriously, allow hackers to steal users' online funds.

   According to the analysis of Baidu Antivirus security experts, Trojan.Win32.RouterAttacks.gen mainly attacks routers with vulnerabilities. The whole attack process consists of two stages. In stage 1, the hacker uses infected computers to check whether routers within a specific IP address range are vulnerable, and collects the IP addresses of the vulnerable routers. In stage 2, the hacker uses infected computers to brute-force the routers at the collected IP addresses; after a successful crack, the default DNS is replaced with a malicious DNS. The following router models are being exploited by hackers:

   ZXDSL 831CII, ZXV10 W300, DSL-2520U, DSL-2600U, DSL-2542B, DSL-2520U, TD-W8901G, TD-W8901GB, TD-W8951ND, TD-W8961ND, TD-8840T, TD-8816, TD-8817, TD-W8151N, TD-W8101G, TD-W8901G, TD-W8901GB, TD-W8951ND8, TD-W8961ND, TD-8840T, TD-8816, TD-8817, TD-W8151N, TD-W8101G

   Baidu Antivirus security experts offer the following tips for users of vulnerable routers:

   1.     Check whether the router's DNS settings contain any unfamiliar DNS server, such as 177.173.22.164, 203.222.1.248, 184.22.152.191 or 49.204.224.151, and restore the default DNS settings with your password if such a DNS server is found.

   2.     Hackers will try weak passwords to crack the routers (such as admin, root, support or Administrator), so users should modify the default user name and assign it a strong password (more than 8 characters, containing letters in both uppercase and lowercase, numbers and special symbols).
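
   The check in tip 1 can be started from the client side. The following is an added example, not code from Baidu Antivirus: it parses resolver settings in `/etc/resolv.conf` or Windows `ipconfig /all` form and flags the four DNS addresses listed above. The sample inputs and all function names are constructed for illustration.

```python
import ipaddress
import re

# DNS server addresses named in tip 1 of the article.
LISTED_DNS = {"177.173.22.164", "203.222.1.248", "184.22.152.191", "49.204.224.151"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def dns_servers(text):
    """Pull resolver addresses out of resolv.conf text or `ipconfig /all` output."""
    servers, in_dns_block = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("nameserver") or s.startswith("DNS Servers"):
            servers += IPV4.findall(s)
            in_dns_block = s.startswith("DNS Servers")
        elif in_dns_block and IPV4.fullmatch(s):
            servers.append(s)  # ipconfig lists extra servers on continuation lines
        else:
            in_dns_block = False
    return servers

def classify(addr):
    """'listed' = on the article's list; 'local' = router or stub forwarder."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if addr in LISTED_DNS:
        return "listed"
    return "local" if ip.is_private else "other"

def audit(text):
    """Return (address, verdict) pairs for every resolver found in the text."""
    return [(a, classify(a)) for a in dns_servers(text)]

# Constructed sample inputs (not captured from a real host).
SAMPLE_RESOLV = "# constructed sample\nnameserver 192.168.1.1\nnameserver 184.22.152.191\n"
SAMPLE_IPCONFIG = """\
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.222.1.248
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, sample in (("resolv.conf", SAMPLE_RESOLV), ("ipconfig", SAMPLE_IPCONFIG)):
        for addr, verdict in audit(sample):
            print(f"{name}: {addr} -> {verdict}")
```

   A `local` verdict means the computer sends its queries to the router (or a local stub), so the upstream DNS configured on the router itself is not visible from the client and still has to be checked in the router's admin page as tip 1 describes.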

   Baidu Antivirus security experts warn that once infected with this Trojan, your computer becomes an accomplice of the hackers in attacking other users' routers. To avoid attacking others, users are advised to update their security software immediately. At present, Baidu Antivirus users can enable real-time protection to prevent this Trojan from invading their computers. Other users are advised to download the latest version of Baidu Antivirus and enable real-time protection to avoid becoming puppets of hackers.
