Blog

Rahul Thadani
Vulnerable Wi-Fi routers lead to attacks and fake websites
October 19, 2012

It was recently discovered that millions of ADSL routers were hacked in Brazil to create a large botnet chain. This is an unprecedented move that goes to show that not even our routers are safe from attackers. Many homes and offices use Wi-Fi routers for web access today so it is important to understand the need to keep these devices protected.

Unfortunately, attackers have now come up with innovative methods to infect a router. A compromised router is dangerous because an attacker can direct a victim to fake pages that derive information and convince him to install malicious programs. Moreover, such pages can also contain drive-by downloads or malicious Java applets that can infect a system. Advanced attackers can even make use of spyware and other tools to record keyboard strokes, real-time videos through the webcam, audio recordings through the microphone and other data.

What makes a router vulnerable?

These nefarious incidents occur when an infected router leads to a malicious DNS server. Routers that are vulnerable to such attacks can be remotely accessed from the web and then programmed to direct machines to fake websites.

Malicious DNS Server

The primary cause of this vulnerability is that a majority of users do not change the default username and password for routers that they own. They simply use the default entries provided by a manufacturer instead. This username and password is required to access the configuration of the router and it can only be accessed by visiting a unique IP address that the manufacturer provides.

Moreover, security patches and fixes for router vulnerabilities are released very rarely. So if there is a vulnerability present, it takes a long time to resolve. Most users are also unaware about the need to update the firmware in their routers and this prolongs the time period for which a router can be exploited.

Steps to ensure router safety

The following steps need to be adhered to in order to prevent a router from getting hacked:

  • The default password provided by the manufacturer must be changed. The way to implement this can be learned from the router user manual or a Google search or a call to the support team.
  • If a firmware update for the router is available, it should be installed immediately.
  • If a router has a hardware firewall, it should be implemented. This Internet firewall protection can be enabled from the router settings configuration page.
  • The WAN ping feature from the configuration page should be disabled. This feature allows hackers to check if a WAN IP address is valid.
  • Security encryption like WPA2 or WPA (Wi-Fi Protected Access) must be enabled. This ensures that no party can access a WiFi connection and router without the password.

The best system protection software is essential for complete computer security, but there are certain manual steps that need to be taken as well. Attackers can only infect routers and machines if there is some form of vulnerability for them to exploit and such vulnerabilities can only be found on unpatched machines. It is strongly recommended that you upgrade to Quick Heal 2013 for protection against the latest malware threats and attack methods exploited by attackers.

Have something to add to this story? Share it in the comments.

Rahul Thadani
About Rahul Thadani
Rahul is a web enthusiast and blogger, and has been writing about the computer security industry for the last three years. Following the latest technology trends,...
Articles by Rahul Thadani »

87 Comments

Your email address will not be published.

CAPTCHA Image

  1. Thanks rahul for en-lighting the Router vulnerabilities and the need to update the firmware.
    Another one more attack technique on network…!!!

    Reply
  2. ombir singhOctober 19, 2012 at 5:56 PM

    Thanks rahul for en-lighting the Router vulnerabilities and the need to update the firmware

    Reply
  3. seeraj sharmaOctober 19, 2012 at 6:18 PM

    Thnkes ,thankes dear rahul.

    Reply
  4. thanks for the information

    Reply
  5. Thanks, Rahul, for this latest threat information. I use a wi-fi modem, and have got my user id and password changed by the service provider. Is that enough? I also use Quick Heal Internet security AV in my system.

    Can you also let m know about this anti-logger software available on the net? Does it help, if installed? Something about this will also help.

    When you respond, will it be possible to mail a copy to me too?

    Thanks.

    Reply
    • Hi Naresh,
      We cannot comment on this software. It is good that you have changed the user ID and password. Update your antivirus software regularly and your system will remain protected.
      Regards.

      Reply
  6. pratamesh1@gmai.comOctober 19, 2012 at 8:34 PM

    Thanks for the Info :-)) …..

    Reply
  7. Kuldeep Kumar MishraOctober 19, 2012 at 9:27 PM

    thank you for information
    i have ADSL Type 2 Router With WiFi

    Reply
  8. RUCHI SOLANKIOctober 19, 2012 at 9:29 PM

    I RECIVE THIS MASAGE DAILY WHAT WILL I DO FOR REMOVE THIS “MALWARE AND FIEWALL” WHAT WILL I DO???PLZ GIVE ME SOME SUGGETION?? HOW CAN I PROTECT MY PC AND NETWORK

    Reply
  9. Thanks for the info.

    Reply
  10. B M JAWAHAROctober 19, 2012 at 9:48 PM

    Thanks Mr.Rahul sir, how can get firmware update me.please give your advice always.Thanks again.

    Reply
    • Hi,
      You must check the website of the manufacturer of your router to check for firmware updates. Alternately, you can speak to their support numbers also to know about these updates.
      Regards.

      Reply
  11. Praful TarkarOctober 19, 2012 at 9:58 PM

    One more Security measure is enabling MAC address filtering.

    Reply
  12. anant bhutoriaOctober 19, 2012 at 10:29 PM

    thnx for help

    Reply
  13. Can you confirm that Quick heal servers are malware proof? And online update must take of that..either Quickheal 2012 or 2013….!!

    Reply
  14. Mohammed NaushadOctober 19, 2012 at 11:24 PM

    Thanks for informing.

    Reply
  15. Bhaskar BasakOctober 20, 2012 at 1:28 AM

    Good

    Reply
  16. thanks for the info …. nice……work ……

    Reply
  17. please send me the license key of quick hill

    Reply
  18. v sivaramakrishnaOctober 20, 2012 at 5:54 AM

    very very thanking you

    Reply
  19. abhijit haldarOctober 20, 2012 at 8:21 AM

    Thanks,,
    Hey Rahul I have 27 computer in my office and it’s connected WORKGROUP,and I have WI-Fi Router.. So what is problem?
    please mail me!

    Reply
  20. Manish RuparelOctober 20, 2012 at 8:22 AM

    Rahul,

    Thanks for the information. We appreciate it as it is helpful to millions out there who are not very tech savy. Great work. Keep posting such info for benefit of all.

    Reply
  21. Somesh SharmaOctober 20, 2012 at 9:17 AM

    Thanks for this important News Yesterday i face many problems with Wi-Fi

    Reply
  22. P.MANIKANDANOctober 20, 2012 at 9:30 AM

    PLZ THIS PROBELM CLEAN.

    Reply
  23. Thanks for share information……..

    Reply
  24. Thanks for this important News Today. i face many problems with Wi-Fi router. thnnx. .

    Thnx and best regards

    ankit verma
    frontier Agencies pvt.ltd.
    lucknow.220005

    Reply
  25. Mahender GargOctober 20, 2012 at 10:45 AM

    thank sir for inform that us…..please solve this problums….I request you.

    Reply
  26. Your article on router vulnerability will certainly help the users to take more precautions.

    Reply
  27. khemnath sharmaOctober 20, 2012 at 11:24 AM

    good

    Reply
  28. Thanks for the imformation Rahul.. another grate security setting is that MAC ADDRESS BINDING ENABLE ON YOUR ROUTER.

    Reply
  29. Thank you Mr Rahul providing us with valuable information regarding malware.

    Reply
  30. i need this

    Reply
  31. Rajendra JoshiOctober 20, 2012 at 1:20 PM

    I have my PC in my house with Router & I have quickheal software of total security. Should I change User ID & Password.

    Rajendra Joshi.
    20/10/2012

    Reply
  32. S.PrempiyaranOctober 20, 2012 at 1:31 PM

    Thank you. Hope of the best

    Reply
  33. A lot pf thanks the latest threat information

    Reply
  34. thanxxx 4 tha help

    Reply
  35. THANK YOU

    Reply
  36. Thanks for the information

    Reply
  37. I want to update QHIS 12 but an error occured A dialog box appears that shows ” Unable to complete the download process due to internet disconnected from remote side please check the internet connection ” but the internet is connected i cant understand the problem please solve the issue.

    Reply
  38. Haji Khurshid AnwerOctober 20, 2012 at 10:14 PM

    Thanks for information,I sure u r realy great person,god bless you.Haji Khurshid Anwer

    Reply
  39. Rajiv Kumar SharmaOctober 20, 2012 at 11:09 PM

    I received a mail with subject UPS member. But when I open attachment file with mail. My pc suddenly restart and Guardian antivarus give me massage that my saystem atack with virus and theft data online. I immedaitly log off my system and load the fresh window and load Quick Heal antivirus . plz suggest what happen now .

    Reply
  40. i am running a site through my thru wamp server… should i change the id pass?
    i have quick heal total security installed

    Reply
  41. rishabh parasharOctober 21, 2012 at 9:46 AM

    think if some one crack our password then how we will come to know

    Reply
  42. Nikhil GoswamiOctober 21, 2012 at 3:02 PM

    Hi Rahul,

    Thank you for details & preventive care suggested regarding Wi-fi Routers. At present we are using Quick Heal Total Security 13.00 on our system & are using Zyxel Wi-fi Router. I think we are victims of the issue. We are facing similar problems as discussed by you.

    We are directed to different websites & also, display of web pages of certain websites takes long time. Some websites ask us to login again & again. We did not faced such problems earlier. Our Internet Connectivity is excellent.

    Also, We are located in Nashik & We have observed on Internet
    (i.e google & Facebook )our Location is displayed as Aurangabad.
    during day i.e between 9AM to 8.30 PM & it displays Nasik at night i.e 8.30 PM to 9AM.

    We will be obliged if you suggest extra preventive actions also.

    Regards,
    Nikhil G.

    Reply
    • Hi Nikhil,
      If this attack has occurred on your router, it is a very serious issue. You need to take corrective steps immediately. We recommend that you visit our support page and submit a ticket – http://www.quickheal.com/submitticket.asp. Our support team will get back to you. You can also call our support team for further analysis. You should also update the firmware of your router immediately.
      All the best.

      Reply
  43. abhishek agnihotriOctober 21, 2012 at 4:47 PM

    thnx rahul

    Reply
  44. raaj sharma, dhanbadOctober 21, 2012 at 5:59 PM

    Rahul sir,, i think someone is trying to hack my computer, i used quick heal total security. can it protect my laptop from these type of hackers or i should have to change my antivirus software, please give me some suitable direction in my mail as soon as possible.

    Thanks

    Raaj computers
    dhanbad-826004
    Jharkhand

    Reply
  45. kishor dulalOctober 21, 2012 at 7:03 PM

    thanks for giving me a valuable information.i have also got problem in my pc

    Reply
  46. Ramesh kumarOctober 21, 2012 at 11:40 PM

    thanx for information help

    Reply
  47. Thanks for informing about this….!!

    Reply
  48. Thanks for informing about these viruses…..

    Reply
  49. hello,

    I have a probel with blue screen and dump memory problem…Blue screen appears and it says that it is due to caching.Please provide solution with this problem..

    Reply
  50. hey
    we have problem with blue screen and dump memory..
    There is a problem of Caching..

    Please provide solution for it.

    Reply
  51. thanks for information

    Reply
  52. thnks 4 new trick

    Reply
  53. raaj sharma, dhanbadOctober 22, 2012 at 10:18 PM

    thnaks rahul sir ….

    Now i want to introduce a new problem which is happening in my laptop. while watching movie in laptop , the screen is automatic looks like scratching type. Is it problem of virus affected or other ??????? my laptop is of Dell compay model number INSPIRON 15R . when i reached the shop where i bought my laptop and told him about the problem then he adviced me that it is due to software ,we cant help you anytype .he told me that we only give the warranty of hardware not for software. Now what should i do rahul sir,, please tell me ??????????????????/

    Reply
    • Hi Raaj,
      The chances that this is happening due to software are very low. Check if the screen has physical signs of damage. If not, use a different program to watch movies. Or view a different video file, maybe the file you saw was corrupted.
      Regards.

      Reply
  54. ASHISH AHUJAOctober 23, 2012 at 2:40 PM

    Thank you, for informing, I’ll be more careful about that !!

    Reply
  55. how can i change my default password provided my manufacturer to my com from vulnerablre wi-fi router?????

    Reply
    • Hi Anshu,
      If you have a user manual for the router, the steps will be mentioned there. If not, you can visit their website and get the steps. If that does not work, you will need to call their support number.
      Regards.

      Reply
  56. kunalkaushalOctober 23, 2012 at 6:57 PM

    dear sir,
    thankyou for

    Reply
  57. vijay chouhanOctober 24, 2012 at 9:42 AM

    Hello Sir, Please Repeir my Anti Vourous.
    Thanks.

    Reply
  58. vijay chouhanOctober 24, 2012 at 9:44 AM

    Hello Sir, What is Wi-Fi Routers.

    Reply
  59. ABHINAV ANKUROctober 24, 2012 at 6:29 PM

    thanks

    Reply
  60. ds vishwakarmaOctober 26, 2012 at 11:10 PM

    Thank you Rahul for awaring Wi-Fi router threat. It is a great tip to protect our system. Again many – many thanks and with regards.

    Reply
  61. ds vishwakarmaOctober 26, 2012 at 11:16 PM

    thanks for useful information. I certainly ensure its implementation.

    Reply
  62. ds vishwakarmaOctober 26, 2012 at 11:22 PM

    Thanks.

    Reply
  63. ds vishwakarmaOctober 26, 2012 at 11:26 PM

    thanks for guiding us on a new threat through Wi-Fi.

    Reply
  64. Wow. good initiative to alert common man.

    Reply
  65. thanks dude

    Reply
  66. rohit sarkariSeptember 23, 2014 at 10:11 PM

    After I update the router ………… default username and password is not working ……. help me please

    Reply