Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


New Malvertising Attack Contaminates Routers of Small Businesses and Households

Proofpoint recently detected one fresh edition of DNSChanger Exploit Kit. This malware contaminated the tangible Internet routers when users accessed their Web-browsers. The purpose was to replace the advertisements that flashed on sites the end-users visited with potential malverts benefiting the miscreants via the latter controlling the DNS and thus regulating the destinations of software updates that the end-users' PC obtained. Boingboing.net posted this, December 15, 2016.

To effectively work, DNSChanger uses security flaws within Internet routers that the victims use especially which are used in small businesses or homes.

Malverts or malicious ads are served to victims that are designed for contaminating their routers through Web-browsers. The greater number of new DNSChanger contaminations reportedly target Chrome Web-browser open on Android phones or Windows computers.

The latest DNSChanger edition utilizes some combination of proficient and innovative methods for garnering victims. This involves serving malverts to end-users using Android or Windows. The malverts contain certain JavaScript and one PNG image. Over and above there's some HTML inside comment field of the PNG which the JavaScript extracts as well as runs. The presence of this invisible and malevolent HTML within comment field of the PNG lets it bypass certain malvertising strainers, while utilization of the JavaScript makes the HTML active that lets the malware do its tasks only on vulnerable devices.

And while it isn't clear what exactly the latest malvertising scheme is up to, one result definitely is evident i.e., capturing ad agencies' online traffic. Nevertheless, by successfully controlling a network's DNS server, attackers then execute various activities such as ad fraud, phishing, man-in-the-middle assaults, banking fraud, and more.

Numerous routers can be compromised with the DNSChanger EK such as models by D-Link, Netgear, Linksys, Zyxel, Pirelli and Comtrend, says Bleeping Computer. Thus, end-users require making the firmware of their routers up-to-date as a way for starting safeguarding themselves.

Other than setting stronger passwords for their routers, which isn't sufficient because the assaults take place via the Web-browser while circumvent the entire security system of the routers, end-users should also exercise caution when they click on ads thereby doing towards eschewing malverts.

» SPAMfighter News - 12/20/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page