
New COVID-19 Attack on HOME ROUTERS

In the News

New COVID-19 attack on HOME ROUTERS sends users to spoofed sites that push malware

A recently discovered hack of home and small-office routers is redirecting users to malicious sites that pose as COVID-19 informational resources in an attempt to install malware that steals passwords and cryptocurrency credentials, researchers said on Wednesday.

A post published by security firm Bitdefender said the compromises are hitting Linksys routers, although BleepingComputer, which reported the attack two days ago, said the campaign also targets D-Link devices.

It remains unclear how attackers are compromising the routers. The researchers, citing data collected from Bitdefender security products, suspect that the hackers are guessing passwords used to secure routers’ remote management console when that feature is turned on. Bitdefender also hypothesized that compromises may be carried out by guessing credentials for users’ Linksys cloud accounts.

Not the AWS site you’re looking for

The router compromises allow attackers to designate the DNS servers connected devices use. DNS servers use the Internet domain name system to translate domain names into IP addresses so that computers can find the location of sites or servers users are trying to access. By sending devices to DNS servers that provide fraudulent lookups, attackers can redirect people to malicious sites that serve malware or attempt to phish passwords.

The malicious DNS servers send targets to the domain they requested. Behind the scenes, however, the sites are spoofed, meaning they’re served from malicious IP addresses, rather than the legitimate IP address used by the domain owner. Liviu Arsene, the Bitdefender researcher who wrote Wednesday's post, told me that spoofed sites close port 443, the Internet gate that transmits traffic protected by HTTPS authentication protections. The closure causes sites to connect over HTTP and in so doing, prevents the display of warnings from browsers or email clients that a TLS certificate is invalid or untrusted.

Domains swept into the campaign include:

aws.amazon.com

https://developers.googleblog.com/2018/03/transitioning-google-url-shortener.html

https://bitly.com/

washington.edu

imageshack.us

ufl.edu

disney.com

pubads.g.doubleclick.net

tidd.ly

redditblog.com

winimage.com

The IP addresses serving the malicious DNS lookups are 109.234.35.230 and 94.103.82.249.

The malicious sites users land on claim to offer an app that provides “the latest information and instructions about coronavirus (COVID-19).”

garygemmell
over a year ago
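
A defender-side check for the DNS change described in the article, added here as an example (it is not part of the original post or of Bitdefender's write-up): it parses resolver settings from `/etc/resolv.conf` text or `ipconfig /all` output and flags the two rogue DNS addresses the article names. The sample inputs and the trusted-resolver set are constructed assumptions, and only IPv4 is handled.

```python
import ipaddress
import re

# Rogue resolver addresses named in the article above.
ROGUE_DNS = {"109.234.35.230", "94.103.82.249"}
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed samples (not captured from a real host).
SAMPLE_IPCONFIG = """\
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 109.234.35.230
                                       94.103.82.249
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_RESOLV = "# home lan\nnameserver 192.168.1.1\nnameserver 8.8.4.4\nsearch lan\n"

def extract_dns_servers(config_text):
    """Return IPv4 resolvers from resolv.conf text or `ipconfig /all` output."""
    servers, in_dns_block = [], False
    for raw in config_text.splitlines():
        line = raw.strip().lower()
        if line.startswith("nameserver"):
            in_dns_block = False
        elif line.startswith("dns servers"):
            in_dns_block = True          # Windows lists extra servers on bare lines
        elif not (in_dns_block and line and ":" not in line):
            in_dns_block = False         # any other labelled line ends the block
            continue
        for candidate in _IPV4.findall(line):
            try:
                servers.append(str(ipaddress.IPv4Address(candidate)))
            except ipaddress.AddressValueError:
                pass                     # e.g. 999.1.1.1 is not an address
    return servers

def audit_resolvers(config_text, expected):
    """Map each configured resolver to 'rogue', 'expected' or 'unexpected'."""
    findings = {}
    for ip in extract_dns_servers(config_text):
        if ip in ROGUE_DNS:
            findings[ip] = "rogue"
        else:
            findings[ip] = "expected" if ip in expected else "unexpected"
    return findings

if __name__ == "__main__":
    trusted = {"192.168.1.1"}            # assumption: the router's own LAN address
    print(audit_resolvers(SAMPLE_IPCONFIG, trusted))
    print(audit_resolvers(SAMPLE_RESOLV, trusted))
```

If a device lists only the router as its resolver, also check the DNS fields on the router's own settings page, since the router is where the article says the DNS setting is changed.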
garygemmell

My advice as an IT Security analyst is always:-

Login to your home router and SWITCH OFF REMOTE ACCESS!

Disable UPNP

Disable WPS

Enable firewall (Max) Mode!

Make sure your wireless is set for WPA2 authentication and use AES encryption and not TKIP.

This is all particularly relevant for LINKSYS routers!!!

AND CHANGE THAT ADMIN PASSWORD!

lilyflower

Gosh you have been busy and I thought all you did was chat to us females - mostly. Thanks for the info.

mso

Thank you for your advice, I will try to look into those settings but wow that sounded so complicated ☺️ I barely manage to set up my router in the first place let alone changing the settings 🤣

Dennab

mso Don't worry it's fairly straightforward. Just be careful to not change unnecessary settings.

lilyflower

Are you ok? Been quiet over weekend, missed the banter.

shadowcat

That's some scary stuff, going to have a look at the setting.

Dennab

Wow, some really have no limit on how they will go. Thanks for the top advice Gary.
