DNSChanger first hit the headlines in 2007, and for the five years that followed, this malware exploit infected millions of computers and networks throughout the world subjecting them to security vulnerabilities and threats.
Now, computer users have a reason to worry since the malware is making headlines again, and the target this time are home routers which can fall victim to malvertising campaigns.
The malware exploits by altering the DNS settings of routers and redirecting users to other malicious DNS data servers that are located in New York, Chicago, and Estonia.
The malicious servers provide false and malicious responses to any query made by a network user, alter search filtering, and also advertise products that are dangerous.
Since every web search relies on DNS, its malware features a malicious code that redirects computer network users to an altered version of the internet.
The router models that are most likely to be affected by DNSChanger malware
According to computer security experts, some of the routers that have been specifically targeted by the DNSChanger malware are:
• Netgear R6200
• Netgear WNDR3400v3, and many other router models that belong to this series
• D-Link DSL-2740R
• COMTREND ADSL Router CT-5367CO1_R12
• Pirelli ADSL2/2+ P.DGA4001N wireless router, and many other models which are yet to be confirmed
At the moment, it is really not possible to determine the number of devices that have already been infiltrated by this malware, or even how long the DNSChanger malware campaign has been running.
Meanwhile, there are some unconfirmed reports that the malware developers have the capability to infect as much as one million network points on a daily basis.
Computer users are advised to upgrade their firmware protection to the latest versions available from the consumer market, and also take other additional network security measures like using strong passwords.
Besides, security experts suggest that disabling routers’ remote administration and changing the default local IP address may provide some help in neutralizing the malicious intent behind the DNSChanger malware.
The credentials at risk
Hackers can target home routers for the intentions of stealing credentials, and this is a development which escapes the attention of many people.
In the event unsuspecting network users try to visit “legitimate” sites defined by the DNSChanger malware developers; that might give a path through which users unknowingly give their PIN numbers, passwords, and bank account credentials.
The damage done by the DNSChanger malware is hard to take notice of since the malware creates no files, and there is no noticeable persistence in how its code works.
Once a router’s current IP address is modified, the infection will start its work, and users will not realize they are navigating clones to the original and legitimate sites.
The regions hit hard by the DNSChanger malware infection
Going by the current reports, the effect of the DNSChanger malware is already being felt, and Brazil currently accounts for over 85% of the reported cases of the malware attack.
The United States, Japan, Portugal, and Germany have also felt slight effects of the malware attack and have accounted for roughly 2.94%, 1.34%, 1.16% and 0.89% respectively of the confirmed reports.
Some of the sites created by the malware developers are mobile friendly, and once a router DNS gets changed, then all the connected devices in a network become vulnerable to any attack, mobile devices included.
DNSChanger malware intentions may not infiltrate the banking sector. The use of the Internet of Things (IoT) is also on the rise, and these devices can be hacked by criminals for the intentions of getting away with valuable credentials.
It is, therefore, a good practice to regularly audit DNS settings of routers, and also pay close attention to any websites that often require credentials like emails from users – typical examples be
ing banks, e-mail service providers, and social media networks.
What to do if you suspect that a router’s DNS settings may be compromised
If a network user is suspecting that the DNSChanger malware may already be doing its work, then the best advice would be to consult computer professionals.
The most important information is that the DNS settings of any internet connected device must be adequately checked as this is the main loophole that the malware uses to infiltrate router gadgets.
Anti-virus upgrade is also necessary since some versions have tools specifically meant for removing its malware.