Over 20 Router Models Eyed by Hackers,Users Face Phishing Risks
In the past few days, Baidu Antivirus Security Center intercepted a Trojan virus named “Trojan.Win32.RouterAttacks.gen”, which can impel infected users to detect routers with vulnerabilities and wait for a chance to alter the router DNS. Once the DNS is hijacked by the hacker, the user may automatically enter phishing sites deliberately constructed by hackers while accessing online banks, online shopping sites or social networks like Facebook. Accessing phishing sites will reveal users’ password information or, more seriously, allow hackers to steal users’ online funds.
According to the analysis of Badu Antivirus security experts, Trojan.Win32.RouterAttacks.ge mainly attacks routers with vulnerabilities. The whole attack process consists of two stages:stage 1, the hacker controls infected computers to detect whether routers within a specific IP address field are subject to vulnerabilities and collect router IP addresses with vulnerabilities; stage 2, the hacker controls infected computers to violently crack routers with the collected IP addresses, and the default DNS will be substituted by a malicious DNS after successful cracking. The following list is the router models being exploited by hackers:
ZXDSL 831CII, ZXV10 W300, DSL-2520U, DSL-2600U, DSL-2542B, DSL-2520UTD-W8901G, TD-W8901GB, TD-W8951ND, TD-W8961ND, TD-8840T, TD-8816, TD-8817,TD-W8151N, TD-W8101G, TD-W8901G, TD-W8901GB, TD-W8951ND8, TD-W8961ND, TD-8840T,TD-8816, TD-8817, TD-W8151N, TD-W8101G
Here are some tips for those using routers with vulnerabilities from Baidu Antivirus security experts:
1. Check whether the default DNS settings for any unfamiliar DNS exists in the router such as 220.127.116.11, 18.104.22.168,22.214.171.124 or 126.96.36.199 and restore default DNS settings with your password once the said DNS is found
2. Hackers will try using weak passwords to crack the routers (such as admin, root, support or Administrator), so users shouldmodify the default user name and assign it a strong password (more than 8digits, containing letters in both uppercase and lowercase, numbers and specialsymbols)
Baidu Antivirus security experts warn users that after infection of this Trojan, your computer will become an accomplice of hackers to attack routers of other users. In order to avoid attacking the others, it is recommended that users immediately update their security software in order to avoid risks. At present, Baidu Antivirus users may enable real-time protection to prevent this Trojan from invading your computer. For other users, it is recommended that you shall download the latest version of Baidu Antivirus and enable real-time protection to avoid being the puppets of hackers.
Welcome to follow us: