Effected brands of Routers including D-Link, Tp-Link, Micronet, Tenda and many others were found to be vulnerable to multiple exploit techniques including a recently disclosed authentication bypass vulnerability in ZyXEL Cirmware and Cross-Site Request Forgery (CSRF) techniques similar to those reported in late 2013. said the reportAffected devices had their DNS settings changed to use the IP addresses 5.45.75.11 and 5.45.75.36. As with the DNS Changer malware, unwitting victims are vulnerable to a loss of service if the malicious servers are taken down, as both primary and secondary! DNS IP addresses are overwritten, complicating mitigation.These attacks had similarities with a n recent attack in Poland which involved hijacked router used by hackers to redirect victim to Phishing websites to grab their online banking credentials.Team Cymru said, they have reported the incident to the effected router brands, ISP’s and law enforcement agencies.
