Researchers from the security firm Team Cymru have announced the discovery of a massive botnet nearly 300,000 routers strong, spanning the globe and including infections in Italy, India, Vietnam, Thailand, and Colombia.
By changing the DNS settings that routers rely on to translate human-readable domain names into the numeric addresses machines use, the hackers were able to inject blank passwords into the credentials field of various ethernet switches and wireless access points, gaining control of their services and of any devices that connect to them while the compromise is in place.
This also allows them to discreetly monitor traffic, install malicious programs, and even record the web browsing habits of the infected user without experiencing any sort of slowdowns or hangups on their computers, tablets, or phones.
It’s this prospect of resource-free reporting that makes router exploits so attractive, and lucrative, to the criminal rings who employ them on a massive scale like this.
“The scale of this attack suggests a more traditional criminal intent, such as search result redirection, replacing advertisements, or installing drive-by downloads; all activities that need to be done on a large scale for profitability,” Monday’s report stated. “The more manually intensive bank account transfers seen in Poland would be difficult to conduct against such a large and geographically-disparate victim group.”
Routers from D-Link, Micronet, TP-Link, and Tenda were just a few of those named in the attack, and researchers suggest that if you own any of these brands you should update your firmware as soon as possible and run a standard list of checks to be sure your networking equipment hasn’t been compromised.