

This router hack is injecting ads and porn into random websites - roflmatz
http://www.theverge.com/2015/3/25/8290277/router-hack-adware-porn-security-ara-labs

======
nmc
The malware uses basic router exploits and/or guesses default credentials to
get into the routers. From there DNS hijacking is easy as pie, as long as the
target does not do DNSSEC.

This is not technically attacking websites; only connections served by
hijacked routers should be affected. Besides, since the malware intercepts
Google Analytics tags to inject ads, any website not using that tracking
engine should not be affected.

Source: the Ara Labs report linked in the article, at
[http://aralabs.com/blog/2015/03/25/ad-fraud-malware-hijacks-...](http://aralabs.com/blog/2015/03/25/ad-fraud-malware-hijacks-router-dns-injects-ads-via-google-analytics/)

------
ValdikSS
The guy who did this is from Russia. Last week he attacked only Russian
routers and hijacked DNS records to google-analytics and yandex.metrika (popular
Russian analytics). We found him and shut down his servers, and even had a
talk with him. He swore he won't do this again.

[http://tjournal.ru/paper/antisanctions-safari-yandex-browser](http://tjournal.ru/paper/antisanctions-safari-yandex-browser)
[https://gist.github.com/ValdikSS/2706f643bbfa0bb5158f](https://gist.github.com/ValdikSS/2706f643bbfa0bb5158f)
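
Added example, not part of either comment above and not code from Ara Labs or the linked gist: a defender-side check for the DNS hijack both comments describe, comparing answers from the router-assigned resolver with a trusted reference and flagging unrelated analytics providers that resolve to one address. The hostnames, function name and addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Assumption: illustrative hostnames; the thread names only the services
# (Google Analytics, Yandex.Metrika), not specific hostnames.
WATCHED = {
    "www.google-analytics.com": "google",
    "ssl.google-analytics.com": "google",
    "mc.yandex.ru": "yandex",
}

def find_hijack_signals(local_answers, reference_answers):
    """Both arguments map hostname -> list of A-record strings.
    Returns a sorted list of (hostname, reason) tuples."""
    signals = set()
    owners_by_ip = defaultdict(set)
    for host, owner in WATCHED.items():
        local = {ip_address(a) for a in local_answers.get(host, [])}
        ref = {ip_address(a) for a in reference_answers.get(host, [])}
        for ip in local:
            owners_by_ip[ip].add((host, owner))
        # CDNs rotate addresses, so a mismatch alone is only a weak hint.
        if local and ref and local.isdisjoint(ref):
            signals.add((host, "differs from reference"))
    # Strong signal: unrelated providers answered with the same address,
    # which fits a resolver steering all analytics traffic to one server.
    for ip, hosts in owners_by_ip.items():
        if len({owner for _, owner in hosts}) > 1:
            for host, _ in hosts:
                signals.add((host, f"shared address {ip}"))
    return sorted(signals)

# Constructed sample answers (documentation address ranges, not real data).
LOCAL = {
    "www.google-analytics.com": ["203.0.113.7"],
    "ssl.google-analytics.com": ["198.51.100.20"],
    "mc.yandex.ru": ["203.0.113.7"],
}
REFERENCE = {
    "www.google-analytics.com": ["198.51.100.10"],
    "ssl.google-analytics.com": ["198.51.100.20", "198.51.100.21"],
    "mc.yandex.ru": ["192.0.2.50"],
}

if __name__ == "__main__":
    for host, reason in find_hijack_signals(LOCAL, REFERENCE):
        print(f"{host}: {reason}")
```

In practice the two dictionaries would be filled by querying the DHCP-assigned resolver and a resolver reached over a path the router cannot rewrite.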

