300,000 routers compromised in DNS hijacking campaign2014-03-04 15:34 by DanielaTags: router, DNS, security
Threat intelligence group Team Cymru has warned about another mass compromise of home and small-office wireless routers, being used to make malicious configuration changes to more than 300,000 devices made by D-Link, Micronet, Tenda, TP-Link, and others. Although infections were global, the highest concentrations were found in Vietnam, Italy, Thailand, Indonesia, Colombia, Turkey, Ukraine, Bosnia and Herzegovina, and Serbia. The researchers believe those devices were compromised using different techniques that exploit several known vulnerabilities. Many of the affected devices had their administrative interfaces accessible from the Internet, making them susceptible to brute-force password-guessing attacks or unauthorized access using default credentials, if their owners didn't change them. The researchers identified the IP addresses involved: 5[.]45[.]75[.]11 and 5[.]45[.]75[.]36. Since the routers' primary DNS IP addresses are overwritten in the attacks, the victims are susceptible to denial of service if the attackers' servers are taken down, Team Cymru said. It is not yet clear what the attackers intended to do with the collection of compromised routers. Read more -here-
Post your review/comments
rate:
avg:
|