Windows And Android Malvertising Campaign Puts Home Routers Under Attack

Security researchers at Proofpoint have identified a new malvertising attack on internet routers, which ensnares victim networks through legitimate websites that unknowingly host malicious advertisements.

Targeting Windows and Android devices, the ‘DNSChanger Exploit Kit’ (EK) preys on vulnerabilities in victims’ home or small office (SOHO) routers and attacks via infected web browsers.

Although the attack is initially limited to Android and Windows devices, once a router has been compromised, all users who then connect to it will be vulnerable to further malvertising attacks, regardless of their browser or operating system.

Router raid

According to Proofpoint, the attacks occur “in waves that are likely associated with ongoing malvertising campaigns lasting several days.

“DNSChanger will use webRTC to request a STUN server via stun.services.mozilla[.]com and determine the victim’s local IP address. If the victim’s public IP is already known or their local IP is not in the targeted ranges, they will be directed to a decoy path where a legitimate advertisement from a third party ad agency is displayed. If the client passes this check then a fake advertisement will be displayed to the victim.”

A series of checks and decryptions then take place, with the attack being determined by the router model and whether there are any known vulnerabilities to exploit. Although Proofpoint says it is not possible to provide a definitive list of vulnerable routers, it has identified some that are at risk. These include the D-Link DSL-2740R, the COMTREND ADSL Router CT-5367 C01_R12 and the Netgear R6200.

Although there is “no simple way to protect against these attacks,” updating routers to the latest known firmware is suggested as “the best way to avoid exploits.” Disabling remote administration, changing the default local IP range and installing ad-blocking browser add-ons can also provide some protection.

Ultimately though, Proofpoint believes manufacturers should be doing more to increase security: “While users must take responsibility for firmware updates, device manufacturers must also make security straightforward and baked in from the outset, especially on equipment designed for the SOHO market.”

“It is incumbent upon router manufacturers to develop mechanisms for simple, user-friendly updates to their hardware.”

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
