Two London IP addresses have used a range of widespread router exploits to compromise nearly 300,000 computers globally.
The discovery was made by researchers at the security firm Team Cymru. Apparently, the two IP addresses in question have been able to exploit the routers, which gives them a foothold for exploiting the computers connected to them. For now, however, there is no evidence that any computers have been targeted by this network.
But the exploit does give whoever is behind it the opportunity to reroute 300,000 computers to DNS servers of their choice, which can be used to launch a wide range of attacks. According to Steve Santorelli of Team Cymru, ‘What we’ve seen so far is a little mysterious. 300,000 machines going to different DNS servers.’
The DNS rerouting can be used, for instance, to direct users to a fake banking website, which can then be used to gather their financial credentials and break into their bank accounts. Such attacks have been carried out in the past using similar exploits.
According to Team Cymru's findings, the exploits used by this network affect routers primarily based in Eastern Europe and Asia. Routers in the US and Western Europe have long been patched against such exploits and are therefore not affected by this episode.
Team Cymru has called on router vendors to patch these exploits immediately and secure their users against the vulnerability. The company has also reported the network to law enforcement agencies.
Source: Team Cymru
Courtesy: The Verge