{"id":28808,"date":"2016-12-27T18:01:15","date_gmt":"2016-12-27T10:01:15","guid":{"rendered":"https:\/\/www.hongkiat.com\/blog\/?p=28808"},"modified":"2023-04-06T19:09:08","modified_gmt":"2023-04-06T11:09:08","slug":"dnschanger-malware","status":"publish","type":"post","link":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/","title":{"rendered":"Protect Your Router from DNSChanger Malware"},"content":{"rendered":"<p>Malware that targets computers are rather common but <strong>malware that targets routers<\/strong> are a completely different thing. <strong>Researchers from the security firm <a target=\"_blank\" href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/home-routers-under-attack-malvertising-windows-android-devices\" rel=\"noopener\">Proofpoint<\/a><\/strong> have discovered that the way it operates is similar to the recently <strong><a href=\"https:\/\/www.hongkiat.com\/blog\/steganos-malware-internet-explorer\/\">discovered Stegano malware<\/a><\/strong>.<\/p>\n<p>The malware  is called <strong>DNSChanger<\/strong>, and it spreads via <strong>malware-laced ads<\/strong> that are served by large ad networks. DNSChanger will first <strong>check the visitor\u2019s IP address to see if it is within the range<\/strong>. If the address <strong>doesn\u2019t fall within the target range<\/strong>, DNSChanger will <strong>set up decoy ads that are clean<\/strong>.<\/p>\n<p class=\"recommended_top\">\n\t\t\t\t\t<strong>Read Also:<\/strong>\u00a0\n\t\t\t\t\t<a target=\"_blank\" href=\"https:\/\/www.hongkiat.com\/blog\/clickclickclick-what-browser-tracking\/\">This website reveals what your browser could be tracking<\/a>\n\t\t\t\t<\/p>\n<p>On the other hand, if the address falls within a range, the malware would <strong>publish a fake ad that hides exploit code in the metadata<\/strong> of a PNG image.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/assets.hongkiat.com\/uploads\/dnschanger-malware\/01-how-it-works.jpg\" width=\"975\" height=\"1121\" alt=\"how it works\"><\/figure>\n<p>Once the malicious code manages to sneak its way into the target\u2019s PC, it causes <strong>the target to connect to a page that hosts DNSChanger<\/strong>. The website will conduct yet another scan to ensure that the target\u2019s IP address is within the targeted range, and when it\u2019s confirmed, the site would <strong>display a second image that contains the exploit code<\/strong>.<\/p>\n<p>What happens next depends on the router model that DNSChanger is attacking. If the <strong>router model<\/strong> has known exploits, DNSChanger will <strong>utilize these exploits to modify the DNS entries in the router. <\/strong>When possible, <strong>make administration ports available from external addresses<\/strong>.<\/p>\n<p>If the router has <strong>no known exploits<\/strong>, DNSChanger would attempt to <strong>use default credentials<\/strong> to gain access to the router. If the router has<strong> no known exploits and no known passwords<\/strong>, the malware would then<strong> abandon the attack<\/strong>.<\/p>\n<p>Assuming it manages to get access to the router, DNSChanger is  able to <strong>force connected computers to connect to impostor sites<\/strong> that are visually identical to the real one.<\/p>\n<p>Proofpoint has found out that the malware appears to be <strong>falsifying IP addresses<\/strong> in order to <strong>divert traffic from ad agencies<\/strong> in favor of ad networks known as Fogzy and TrafficBroker.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/assets.hongkiat.com\/uploads\/dnschanger-malware\/02-fogzy-and-trafficbroker.jpg\" width=\"975\" height=\"446\" alt=\"fogzy and trafficbroker\"><\/figure>\n<p>At the moment, Proofpoint has mentioned that it is <strong>impossible to name all the routers that are susceptible to DNSChanger<\/strong>. However, Proofpoint did inform the five router models that can be compromised by this particular malware.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/assets.hongkiat.com\/uploads\/dnschanger-malware\/03-vulnerable-routers.jpg\" width=\"533\" height=\"172\" alt=\"vulnerable routers\"><\/figure>\n<p>In order to protect yourself from DNSChanger, Proofpoint has recommended that <strong>your routers are updated to the latest available firmware<\/strong> and is<strong> protected<\/strong> with a <strong>long<\/strong>,<strong> randomly-generated password<\/strong>. Additionally,<strong> disabling remote administration<\/strong> and <strong>changing the router\u2019s default local IP address<\/strong> is an effective preventive measure.<\/p>\n<p class=\"recommended_top\">\n\t\t\t\t\t<strong>Read Also:<\/strong>\u00a0\n\t\t\t\t\t<a target=\"_blank\" href=\"https:\/\/www.hongkiat.com\/blog\/safeguard-online-privacy\/\">9 Simple Tips to Safeguard Your Online Privacy<\/a>\n\t\t\t\t<\/p>","protected":false},"excerpt":{"rendered":"<p>Malware that targets computers are rather common but malware that targets routers are a completely different thing. Researchers from the security firm Proofpoint have discovered that the way it operates is similar to the recently discovered Stegano malware. The malware is called DNSChanger, and it spreads via malware-laced ads that are served by large ad&hellip;<\/p>\n","protected":false},"author":157,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3398,3976],"tags":[4091,4063,4601,316],"topic":[4523,4521],"class_list":["entry-content","is-maxi"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.8 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Protect Your Router from DNSChanger Malware - Hongkiat<\/title>\n<meta name=\"description\" content=\"Malware that targets computers are rather common but malware that targets routers are a completely different thing. Researchers from the security firm\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Protect Your Router from DNSChanger Malware\" \/>\n<meta property=\"og:description\" content=\"Malware that targets computers are rather common but malware that targets routers are a completely different thing. Researchers from the security firm\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Hongkiat\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/hongkiatcom\" \/>\n<meta property=\"article:published_time\" content=\"2016-12-27T10:01:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-06T11:09:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.hongkiat.com\/uploads\/dnschanger-malware\/01-how-it-works.jpg\" \/>\n<meta name=\"author\" content=\"Sia\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hongkiat\" \/>\n<meta name=\"twitter:site\" content=\"@hongkiat\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sia\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/\"},\"author\":{\"name\":\"Sia\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#\\\/schema\\\/person\\\/25661c0ca5beef807a38c0d038894641\"},\"headline\":\"Protect Your Router from DNSChanger Malware\",\"datePublished\":\"2016-12-27T10:01:15+00:00\",\"dateModified\":\"2023-04-06T11:09:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/\"},\"wordCount\":417,\"commentCount\":3,\"publisher\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/assets.hongkiat.com\\\/uploads\\\/dnschanger-malware\\\/01-how-it-works.jpg\",\"keywords\":[\"Malware\",\"router\",\"Security and Privacy\",\"Web Browsers\"],\"articleSection\":[\"Internet\",\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/\",\"url\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/\",\"name\":\"Protect Your Router from DNSChanger Malware - Hongkiat\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/assets.hongkiat.com\\\/uploads\\\/dnschanger-malware\\\/01-how-it-works.jpg\",\"datePublished\":\"2016-12-27T10:01:15+00:00\",\"dateModified\":\"2023-04-06T11:09:08+00:00\",\"description\":\"Malware that targets computers are rather common but malware that targets routers are a completely different thing. Researchers from the security firm\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/assets.hongkiat.com\\\/uploads\\\/dnschanger-malware\\\/01-how-it-works.jpg\",\"contentUrl\":\"https:\\\/\\\/assets.hongkiat.com\\\/uploads\\\/dnschanger-malware\\\/01-how-it-works.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/dnschanger-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Protect Your Router from DNSChanger Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/\",\"name\":\"Hongkiat\",\"description\":\"Tech and Design Tips\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#organization\",\"name\":\"Hongkiat.com\",\"url\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/wp-content\\\/uploads\\\/hkdc-logo-rect-yoast.jpg\",\"contentUrl\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/wp-content\\\/uploads\\\/hkdc-logo-rect-yoast.jpg\",\"width\":1200,\"height\":799,\"caption\":\"Hongkiat.com\"},\"image\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/hongkiatcom\",\"https:\\\/\\\/x.com\\\/hongkiat\",\"https:\\\/\\\/www.pinterest.com\\\/hongkiat\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#\\\/schema\\\/person\\\/25661c0ca5beef807a38c0d038894641\",\"name\":\"Sia\",\"description\":\"A tech journalist for Hongkiat.com, Sia writes reviews on new products and services in the tech industry.\",\"url\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/author\\\/sia\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Protect Your Router from DNSChanger Malware - Hongkiat","description":"Malware that targets computers are rather common but malware that targets routers are a completely different thing. Researchers from the security firm","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/","og_locale":"en_US","og_type":"article","og_title":"Protect Your Router from DNSChanger Malware","og_description":"Malware that targets computers are rather common but malware that targets routers are a completely different thing. Researchers from the security firm","og_url":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/","og_site_name":"Hongkiat","article_publisher":"https:\/\/www.facebook.com\/hongkiatcom","article_published_time":"2016-12-27T10:01:15+00:00","article_modified_time":"2023-04-06T11:09:08+00:00","og_image":[{"url":"https:\/\/assets.hongkiat.com\/uploads\/dnschanger-malware\/01-how-it-works.jpg","type":"","width":"","height":""}],"author":"Sia","twitter_card":"summary_large_image","twitter_creator":"@hongkiat","twitter_site":"@hongkiat","twitter_misc":{"Written by":"Sia","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/#article","isPartOf":{"@id":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/"},"author":{"name":"Sia","@id":"https:\/\/www.hongkiat.com\/blog\/#\/schema\/person\/25661c0ca5beef807a38c0d038894641"},"headline":"Protect Your Router from DNSChanger Malware","datePublished":"2016-12-27T10:01:15+00:00","dateModified":"2023-04-06T11:09:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/"},"wordCount":417,"commentCount":3,"publisher":{"@id":"https:\/\/www.hongkiat.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.hongkiat.com\/uploads\/dnschanger-malware\/01-how-it-works.jpg","keywords":["Malware","router","Security and Privacy","Web Browsers"],"articleSection":["Internet","News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/","url":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/","name":"Protect Your Router from DNSChanger Malware - Hongkiat","isPartOf":{"@id":"https:\/\/www.hongkiat.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.hongkiat.com\/uploads\/dnschanger-malware\/01-how-it-works.jpg","datePublished":"2016-12-27T10:01:15+00:00","dateModified":"2023-04-06T11:09:08+00:00","description":"Malware that targets computers are rather common but malware that targets routers are a completely different thing. Researchers from the security firm","breadcrumb":{"@id":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/#primaryimage","url":"https:\/\/assets.hongkiat.com\/uploads\/dnschanger-malware\/01-how-it-works.jpg","contentUrl":"https:\/\/assets.hongkiat.com\/uploads\/dnschanger-malware\/01-how-it-works.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.hongkiat.com\/blog\/dnschanger-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.hongkiat.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Protect Your Router from DNSChanger Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.hongkiat.com\/blog\/#website","url":"https:\/\/www.hongkiat.com\/blog\/","name":"Hongkiat","description":"Tech and Design Tips","publisher":{"@id":"https:\/\/www.hongkiat.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.hongkiat.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.hongkiat.com\/blog\/#organization","name":"Hongkiat.com","url":"https:\/\/www.hongkiat.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hongkiat.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.hongkiat.com\/blog\/wp-content\/uploads\/hkdc-logo-rect-yoast.jpg","contentUrl":"https:\/\/www.hongkiat.com\/blog\/wp-content\/uploads\/hkdc-logo-rect-yoast.jpg","width":1200,"height":799,"caption":"Hongkiat.com"},"image":{"@id":"https:\/\/www.hongkiat.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/hongkiatcom","https:\/\/x.com\/hongkiat","https:\/\/www.pinterest.com\/hongkiat\/"]},{"@type":"Person","@id":"https:\/\/www.hongkiat.com\/blog\/#\/schema\/person\/25661c0ca5beef807a38c0d038894641","name":"Sia","description":"A tech journalist for Hongkiat.com, Sia writes reviews on new products and services in the tech industry.","url":"https:\/\/www.hongkiat.com\/blog\/author\/sia\/"}]}},"jetpack_featured_media_url":"https:\/\/","jetpack_shortlink":"https:\/\/wp.me\/p4uxU-7uE","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/posts\/28808","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/users\/157"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/comments?post=28808"}],"version-history":[{"count":3,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/posts\/28808\/revisions"}],"predecessor-version":[{"id":65728,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/posts\/28808\/revisions\/65728"}],"wp:attachment":[{"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/media?parent=28808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/categories?post=28808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/tags?post=28808"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/topic?post=28808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}