[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CPE dns hijacking malware

Subject: CPE dns hijacking malware
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Tue, 12 Nov 2013 06:12:13 +0000
In-reply-to: <[email protected]>
References: <[email protected]>

On Nov 12, 2013, at 12:56 PM, Mike <mike-nanog at tiedyenetworks.com> wrote:

> It appears that some of my subscribers DSL modems (which are acting as nat routers) have had their dns settings hijacked and presumably for serving ads or some such nonsense. 

How do you think this was accomplished?  Via some kind of Web exploit customized for those devices and targeting your user population via email or social media, which tricked users into clicking on something that accessed the Web admin interface via default admin credentials or somsesuch; or via some direct attack on the CPE devices themselves; or via some other method?

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

Follow-Ups:
- CPE dns hijacking malware
  - From: jeff-kell at utc.edu (Jeff Kell)

References:
- CPE dns hijacking malware
  - From: mike-nanog at tiedyenetworks.com (Mike)

Prev by Date: CPE dns hijacking malware
Next by Date: CPE dns hijacking malware
Previous by thread: CPE dns hijacking malware
Next by thread: CPE dns hijacking malware
Index(es):
- Date
- Thread