DNSChanger Attack

Following the news that a widespread “DNSChanger” attack on vulnerable home networking equipment has been redirecting traffic from afflicted networks, including that from Apple users, to fraudulent domains and opening up the routers to further attack. Cricket Liu, Chief DNS Architect at Infoblox commented below.

Cricket Liu, Chief DNS Architect at Infoblox:

cricket-liu“It’s important to note that, rather than being a vulnerability in the domain name system, or DNS, this is actually malware that exploits vulnerabilities or default login credentials in popular routers and reconfigures their DNS settings to use malicious name servers.

“DNS is used to bootstrap basically every transaction over the Internet so, once the bad guys have redirected you to one of their own name servers, they can do whatever they want. They can redirect you to web sites that are visually indistinguishable from the real ones, where you might enter your login and password, credit card information, and more; redirect all of your Internet-bound traffic through a proxy server, where it can be captured and examined; or substitute malicious files for the files you’re trying to download.”

“This attack demonstrates once again the importance of keeping your equipment upgraded and changing your login credentials.”

In this article