Wow - malware hacked the Linksys router!
I was fixing someone's computers and I saw something I'd never seen before. Of course, I knew it was possible, but I didn't think I'd ever see it occur.
After installing itself on the computers, it hacked into the Linksys router. That is, the router was set to a default password (admin), and it inserted its own rogue DNS servers into the Linksys settings - effectively spreading search redirection spam to all computers on the network via Google searches.
I would never have thought to look there... I was getting bored during the malware scans and decided to poke around in the Linksys router to see what options it had when I saw the strange DNS entries. Then I realized that the laptop I had brought in from home was also getting redirected to spam sites on Google searches.
Here are the rogue DNS servers in question:
213.109.65.66
213.109.73.174
and a third entry that said 1.1.1.1 for some reason.
If you're very brave and curious, feel free to try these out to see the effect it has on Google searches. (WARNING - you'll be forwarded to SPAM and virus sites! Security "professionals" only, in sandbox conditions)
The virus in question was Palladium Pro (I think that's what caused it).
Anyway... good to keep in mind! Change the default password on your Linksys, since it's vulnerable once an infected machine has penetrated the local network.
Heatware: 2-0-0
eBay: 69-0-0
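A way to check a client for the symptom described in the post, as an added example that is not part of the original post: it parses `ipconfig /all` output and flags any DNS server that is neither a private (LAN) address nor on an allowlist. The sample output is constructed around the addresses quoted above, the function names are hypothetical, and the policy that clients should normally be handed the router or another LAN address as resolver is an assumption.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from a client behind the
# tampered router; the DNS addresses are the ones quoted in the post.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.65.66
                                       213.109.73.174
                                       1.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def dns_servers(ipconfig_text):
    """Return IPv4 resolvers under 'DNS Servers', including continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            in_dns = True
            servers += IPV4.findall(line.split(":", 1)[1])
        elif in_dns and ":" not in line and IPV4.search(line):
            servers += IPV4.findall(line)  # extra resolver on its own line
        else:
            in_dns = False  # any other field ends the DNS block
    return servers


def unexpected_resolvers(ipconfig_text, allowlist=()):
    """Flag resolvers that are neither LAN addresses nor explicitly allowed.

    Assumption: a healthy client gets the router (a private address) or a
    resolver the administrator has put on the allowlist.
    """
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    flagged = []
    for server in dns_servers(ipconfig_text):
        ip = ipaddress.ip_address(server)
        if not ip.is_private and ip not in allowed:
            flagged.append(server)
    return flagged


if __name__ == "__main__":
    for server in unexpected_resolvers(SAMPLE_IPCONFIG):
        print("unexpected DNS server:", server)
```

Any hit is a reason to open the router's admin page, compare its DNS settings with what the ISP actually assigns, and change the admin password after cleaning the infected machines.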