linkbucks malware / router compromise

Post by Cacker on Fri Feb 14, 2014 10:48 am

Just a note to say make sure router passwords are not default and secondly they're not simple.

There's a hack where they compromise the router for a DNS hack that redirects all relative URLs to linkbucks, which is a pay-per-click website.

I was pulling my hair out not finding any malware on my machine, only to find it was all devices in the house and then found out that it was a DNS hack.

It prepends the URL with various other site URLs, e.g. mine kept going to ultrafile.net, thus generating a click to a webpage, generating money for some c*nt.

It only went away when I rebooted the router and then came back some time later on in the day. I stupidly had a simple password, thinking I was okay, because WAN access was turned off, thinking I was safe :/
/Chairs

Cacker


Re: linkbucks malware / router compromise

Post by larchy on Thu Feb 20, 2014 8:24 pm

Was this the Cisco/Linksys or Asus one, both of which have made headlines in the past week?

I came across a Linksys one about 8 years ago, changed all the router's DNS settings.

You'd think they'd target the crappy Sky/Virgin/BT shitboxes

At least no one has one of those networked toilet/bidets yet, though I am waiting for the first stories of Nest smoke alarms being hacked to sound continuously.

Re: linkbucks malware / router compromise

Post by Tonster on Thu Feb 20, 2014 10:37 pm

Actually thanks for reminding me, just changed it so I'll never be able to access my router settings again.

larchy wrote: At least no one has one of those networked toilet/bidets yet

Have you checked with Kazza?

Re: linkbucks malware / router compromise

Post by Cacker on Fri Feb 21, 2014 2:23 pm

My router is actually a Linksys, so yeah, pretty sure it's the issue that's hit the news recently.

However, I've been using DD-WRT firmware for years, so I don't think it's router specific. I did read that some routers have a backdoor port open that has been exploited.

This DNS exploit seems to bypass whether you have remote management switched on or off and routers with weak or default credentials get hit.

I had a simple user/password because I assumed turning off remote management would be enough :/
/Chairs

Cacker
