Router being infected by malware

You don't need government grade malware to do this and such attacks have actually been carried out for years. Typical SOHO routers are often vulnerable to CSRF and similar attacks and this can be used by the attacker to compromise the router, i.e. changing critical settings like the DNS servers. This compromise can be executed when you visit a web site. It does not even need to be a "bad" site since such an attack can be executed from inside embedded advertisements too (malvertisement).

For an example of such an attack see How millions of DSL modems were hacked in Brazil,... which talks about how attackers compromised millions of routers in Brazil using CSRF attacks. They then changed the DNS settings in the router so that the traffic got diverted to the attacker. With this man-in-the-middle attack the attacker could then inject advertisements or malware into the traffic of every computer using this router.

These attacks are unfortunately very common today since a large proportion of SOHO routers are insecure. See Website Security – Compromised Website Used To Hack Home Routers for hacking via compromised web sites or Spam Uses Default Passwords to Hack Routers for similar hacks done via spam mails.

As for the enterprise level routers: Once you are in (maybe via a backdoor) you effectively own a large network with often sensitive information inside. By manipulating the routing you can divert the traffic to the attacker and do the same attacks as described above, and more. The main difference is that you have far more computers behind the router and these usually have more interesting information than you will find in home networks. This means the return on investment for the attacker is usually higher when enterprise routers or even routers at ISPs are compromised.
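The CSRF weakness described above is a router admin panel that accepts a settings change from whatever page the victim's browser happens to be on. The following is an added example, not code from the post or from any router vendor, showing the checks such a panel needs so that a form embedded in an advert cannot change the DNS servers; the request model, `ROUTER_ORIGIN` and the DNS value are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Tuple
from urllib.parse import urlsplit

# Constructed address of the hypothetical router's admin panel.
ROUTER_ORIGIN = "http://192.168.1.1"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request reaching the admin panel."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def issue_csrf_token(session: dict) -> str:
    """Bind a fresh random token to the logged-in session (synchronizer token)."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def validate_dns_change(request: Request, session: dict) -> Tuple[bool, str]:
    """Accept a DNS settings change only if it cannot have been forged by
    another site loaded in the victim's browser. Returns (accepted, reason)."""
    # 1. State changes never ride on GET: a GET is triggered by a bare
    #    <img src=...> in an advert, with no user interaction at all.
    if request.method != "POST":
        return False, "state change must use POST"
    # 2. Browsers attach Origin (or at least Referer) to cross-site POSTs;
    #    compare the host exactly, not by prefix, so 192.168.1.10 fails too.
    origin = request.headers.get("Origin") or request.headers.get("Referer", "")
    if urlsplit(origin).netloc != urlsplit(ROUTER_ORIGIN).netloc:
        return False, f"cross-site request from {origin or '<missing origin>'}"
    # 3. Synchronizer token: the attacker's page cannot read the token stored
    #    in the victim's session, so a forged form cannot supply the right one.
    expected = session.get("csrf_token")
    supplied = request.form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid CSRF token"
    return True, f"DNS set to {request.form.get('dns1')}"
```

Logging the rejected requests (step 2 in particular) is also a cheap detection signal: a burst of cross-site POSTs to the DNS page is exactly what a malvertising campaign looks like from the router's side.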


Provided that the computer has access to the router's administrative panel (which isn't very hard because of the widespread use of default passwords and backdoors from vendors), this is definitely possible. All you have to do is change the DNS settings for the network and set up your own malicious DNS server.

The video on this page shows how to backdoor a computer in a network with the router/modem's administrative panel.

Tags:

Router

Malware