
Healthy Passwords

Malware Changing your Router

Date: 2011-04-26 19:42:40

We've written about this before, but this is the first time we've seen it in the news for a while (Source: Atlanta Journal Constitution article). If someone compromises your router, they could be redirecting all your traffic to other sites. The article does a great job explaining how this works. The one thing they don’t mention is how this ploy can be used to steal your login credentials for banking or other sensitive sites.

This can be done by changing your router's configuration for something called DNS. DNS is the process that converts site names from something humans understand to something computers understand. Say, for instance, you enter www.bigbank.com in your browser. This is normally translated to a numerical address like 10.10.10.10, which is the real site address for bigbank.com. If they set up a fake bank at 20.20.20.20 to look just like your real bank, then when your browser asks to go to bigbank.com, your router will now tell your browser to go to 20.20.20.20 instead of 10.10.10.10. When you get there and try to log in, you'll get an error message. At the same time, they just got your banking password.

All the security software in the world may not protect you from this type of ploy. An alert user may notice that the site they went to was perhaps not using a secure session. Or, if the site is a known bad site and you were using a third-party website rating tool like WOT or Site Advisor, you may get a warning. Other than that, most people are fooled by this type of ploy.

Preventing this from happening to you is not very difficult.

  1. If your router was supplied by your internet service provider (ISP), you’ll have to call them for help. Don’t try upgrading their equipment. Also keep in mind that many ISPs have old equipment with known administrator credentials, so they may be just as big of a security risk as any off-the-shelf router.
  2. If your router is older than five years, buy a new one. This will get you the latest security protocols as well as the latest firmware. It will also give you the ability to plug the old one back in if the new one fails.
  3. If you’re upgrading your older router, first find or download the installation instructions for your exact router model. Make sure you know the default admin username and password. Also, ensure you know your internet service provider's settings. It is probably a good idea to go through and print out every option you can find in the old router's configuration screens.
  4. Find your router's reset-to-factory-default button. It is usually a small hole in the back of the router. You stick a sharp pencil or toothpick in the hole to depress the hidden button for 30 seconds and your router will reset to factory defaults. (Read your manual to be sure.)
  5. Access the router’s configuration pages through a browser and set it up again. This time, be sure to change the default admin password and update the firmware from the configuration utility.
  6. Once everything is working, document your router's settings. It’s even OK to write the username and new password on the router with a marker. Another idea is to put the configuration printouts you made in an envelope and tape them to the router (just be sure not to cover any vents).

Over the years I have tried a few dozen router brands. Throughout that time most have been very similar. There is one notable exception, and that is the Apple Airport. I’ve only used the Extreme model, but the regular model uses the same basic setup. The nice thing about this product is the software setup. You don’t need to use a web browser at all. The utility is a stand-alone application that walks you through all the necessary setup. The most important part is that the software will automatically update the firmware as soon as it is available, using the same Apple update utility that iTunes or OS X uses. Very few people ever wake up and say, “Gee, I think I’ll check for router firmware updates today.” Apple has eliminated the need to remember to check for firmware updates every few months. As soon as a firmware update becomes available, your Apple updater will tell you and walk you through the update.

Category: Malware

Subcategory: Routers


Copyright © 2011, Sustainable Alternatives, LLC | Ligonier, PA 15658 | 724-238-9560 | All Rights Reserved.
