EZ MSP Blog
The Legendary Router Malware
When diagnosing your computer's security problems, keep in mind that malware is not always located on the PC itself. Often, the same problems occur across a number of different operating systems and browsers, making it difficult to diagnose the cause. A recent study by Ronald Kaplan and Dylan Kaplan proved that malware can be located not only on your computer and devices, but even on your wireless router.
The study involved examining several variables of unresolved computer issues: operating system, browser, server, and more. Websites were being routed to other websites without a valid explanation. They knew that this was being caused by a type of malware, but couldn't explain why their anti-malware software was unable to detect it. This was happening to several different computers with different operating systems, browsers, and servers. So, the idea was to look for the common element amongst all of the different issues.
Eventually, the Kaplans found the common theme, and it was the router. Neither of them had heard or seen anything about router malware, so they had no clue what information was stolen or what damage had been done. Their only concern was to fix the problem before it could cause any more harm. As told by CIO.com:
Malware which alters DNS settings often has an agenda; most collect money for website hits from merchant vendors. This is often the incentive for hackers to write and circulate their malware. The Internet is rife with this type of fraud, where website hosts have contracted to pay for "hits" or views of their website instead of paying often large fees for directory listings creating web traffic.
Additionally, the sites that users were redirected to could potentially hold other malicious software that could weasel its way into PCs.
The router itself played a big role in this discovery. Since most enterprise routers are configured and managed remotely, they are password locked. However, if something can be configured, it can be reconfigured, and therefore, be taken advantage of by anyone who has the password. Routers function by using Dynamic Host Configuration Protocol, or DHCP, to determine how to interpret an IP address. This helps computers by providing them with the knowledge to locate websites, and then share this information with others, similar to how a telephone network operates.
Instead of doing the easy thing - using a backup solution to restore your system to before the issue took place - the better idea would be to find out why the problem occurred in the first place. This is what the Kaplans did; they isolated the problem and determined that the malware was spreading from router to router via DHCP from the DNS server.
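A check that follows from this, written as an added example (not code from the Kaplans' study or from EZ MSP): DHCP leases normally carry the DNS resolver addresses a client will use, so comparing them against the resolvers you expect exposes a router that is handing out altered DNS settings. The lease text is a constructed sample in ISC dhclient lease-file syntax, and the approved-resolver list is an assumption.

```python
import ipaddress
import re

# Hypothetical allowlist: the resolvers this network is supposed to hand out.
APPROVED_RESOLVERS = {"192.168.1.1", "9.9.9.9"}

# Constructed sample in ISC dhclient lease-file syntax (not data from the study).
SAMPLE_LEASES = '''
lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.1,9.9.9.9;
  expire 3 2024/05/01 10:00:00;
}
lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option routers 192.168.1.1;
  option domain-name-servers 203.0.113.53,198.51.100.7;
  expire 4 2024/05/02 10:00:00;
}
'''

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
OPTION_RE = re.compile(r"option\s+(routers|domain-name-servers)\s+([^;]+);")

def parse_leases(text):
    """Return one dict per lease with its 'routers' and 'domain-name-servers' lists."""
    leases = []
    for body in LEASE_RE.findall(text):
        lease = {"routers": [], "domain-name-servers": []}
        for name, value in OPTION_RE.findall(body):
            # Validate and normalise every address; malformed input raises ValueError.
            lease[name] = [str(ipaddress.ip_address(a.strip())) for a in value.split(",")]
        leases.append(lease)
    return leases

def unexpected_resolvers(text, approved=APPROVED_RESOLVERS):
    """Return (lease_index, routers, rogue_resolvers) for each lease that
    advertised a DNS server outside the approved set."""
    findings = []
    for i, lease in enumerate(parse_leases(text)):
        rogue = [r for r in lease["domain-name-servers"] if r not in approved]
        if rogue:
            findings.append((i, lease["routers"], rogue))
    return findings

if __name__ == "__main__":
    for idx, routers, rogue in unexpected_resolvers(SAMPLE_LEASES):
        print(f"lease #{idx} from router {routers}: unapproved DNS {rogue}")
```

Running the same comparison on several affected machines points at the router when they all report the same unapproved resolver, regardless of operating system or browser.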
The technology professionals at EZ MSP can diagnose problems from routers or any other pieces of your network, and equip your business with solutions that can prevent crippling downtime. For more information, give us a call at (914) 595-2250.