New Zlob variant reconfigures routers
A variant of the Zlob virus has emerged that can tweak DNS entries on standard commercial routers from an infected Windows PC. It uses a built-in list of standard router usernames and passwords. Successful attacks have already been observed on Linksys BEFSX41 routers and a Buffalo router using DD-WRT open source firmware.
Attackers can then redirect all internet traffic to their own servers. For the criminals, the advantage to manipulating a router is that it is more difficult for normal users to detect than an attack against a PC. The virus makes its way onto the computer by posing as a video codec, palmed off on users by malicious web sites. Members of the Zlob family have been floating around the internet since 2006, but so far they have only managed to alter the DNS settings on PCs. A variant for Mac OS X has even tried its luck against Apple computers.
Trojans that can manipulate routers have so far been limited to thought experiments by security experts. Although Zlob is still one of the most pervasive viruses for Windows PCs, the new variant does not yet appear to be very widespread. Protecting against Zlob is as easy as having a virus scanner with up-to-date signatures, and a bit of restraint in downloading dubious video codecs – even if the movie on offer is one that you're itching to see. Changing the standard password on your router is good practice, not only against trojans, but also for protection from certain forms of cross site request forgery attacks – attacks against routers via specially crafted web sites.
- Malware Silently Alters Wireless Router Settings, Report by Brian Krebs