Η εταιρία ασφαλείας Trend Micro, εντόπισε μια επίθεση εναντίον οικιακών routers που βρίσκεται σε εξέλιξη από τον Δεκέμβριο του 2015.
Η επίθεση γίνεται μέσω κακόβουλο JavaScript κώδικα με την επίσκεψη μιας φορητής συσκευής σε μολυσμένο
mobile website και επηρεάζει routers γνωστών κατασκευαστών όπως οι D-Link, TP-LINK, και ZTE. Ο κώδικας που χρησιμοποιείται, περιέχει 1400 συνδυασμούς login και πολλά κοινά passwords και μετά την....
επιτυχή είσοδο στο router, αλλάζει τις ρυθμίσεις DNS του, με αυτές του επιτιθέμενου.
Security firm Trend Micro has discovered an attack on home routers that involves malicious JavaScript, a mobile website, and a mobile device such as a smartphone. This attack has been taking place since December 2015, and so far focuses on Taiwan, Japan, and China. However, the United States is fourth on the attack list, so be prepared.
According to the report, a compromised mobile website can contain JavaScript that downloads another JavaScript with DNS changing routines to the visiting mobile device. Although this JavaScript can also be downloaded on a computer, the infection depends on the user’s medium — for example, JS_JITONDNS only infects mobile devices and triggers the DNS changing routine, while the JITON infection is triggered only if the user has a ZTE modem.
Related: TP-Link will block router frequency customization in June
An examination of the code reveals that hackers are targeting routers sold by well known manufacturers such as D-Link, TP-LINK, and ZTE. The report points out that TP-LINK currently owns 28 percent of the router market while D-Link is in the top 10 with a seven percent market share. Given D-Link is based out of Taiwan and TP-LINK is in China, Trend Micro isn’t surprised by the high number of attacks in those regions.
“Cybercriminals behind this incident employ [an] evasive mechanism to go off the radar and continue the attack without arousing any suspicion from affected users. Such tactics include regularly updating the JavaScript codes to fix errors and constantly changing targeted home routers,” the report states. “The compromised websites are difficult to pinpoint due to the lack of any suspicious behavior.”
The DNS settings of a router can be overwritten thanks to the JavaScript code containing more than....
Διαβάστε περισσότερα στο: www.adslgr.com
Η επίθεση γίνεται μέσω κακόβουλο JavaScript κώδικα με την επίσκεψη μιας φορητής συσκευής σε μολυσμένο
mobile website και επηρεάζει routers γνωστών κατασκευαστών όπως οι D-Link, TP-LINK, και ZTE. Ο κώδικας που χρησιμοποιείται, περιέχει 1400 συνδυασμούς login και πολλά κοινά passwords και μετά την....
επιτυχή είσοδο στο router, αλλάζει τις ρυθμίσεις DNS του, με αυτές του επιτιθέμενου.
Security firm Trend Micro has discovered an attack on home routers that involves malicious JavaScript, a mobile website, and a mobile device such as a smartphone. This attack has been taking place since December 2015, and so far focuses on Taiwan, Japan, and China. However, the United States is fourth on the attack list, so be prepared.
According to the report, a compromised mobile website can contain JavaScript that downloads another JavaScript with DNS changing routines to the visiting mobile device. Although this JavaScript can also be downloaded on a computer, the infection depends on the user’s medium — for example, JS_JITONDNS only infects mobile devices and triggers the DNS changing routine, while the JITON infection is triggered only if the user has a ZTE modem.
Related: TP-Link will block router frequency customization in June
An examination of the code reveals that hackers are targeting routers sold by well known manufacturers such as D-Link, TP-LINK, and ZTE. The report points out that TP-LINK currently owns 28 percent of the router market while D-Link is in the top 10 with a seven percent market share. Given D-Link is based out of Taiwan and TP-LINK is in China, Trend Micro isn’t surprised by the high number of attacks in those regions.
“Cybercriminals behind this incident employ [an] evasive mechanism to go off the radar and continue the attack without arousing any suspicion from affected users. Such tactics include regularly updating the JavaScript codes to fix errors and constantly changing targeted home routers,” the report states. “The compromised websites are difficult to pinpoint due to the lack of any suspicious behavior.”
The DNS settings of a router can be overwritten thanks to the JavaScript code containing more than....
Διαβάστε περισσότερα στο: www.adslgr.com