Router malware injects ads, pornographic content into websites

Washington: A recent report by Ara Labs claims that a news strain of malware is misusing routers to inject ads and pornographic content into websites, and once a router is compromised, the malware will load third-party content onto almost any website visited by the user.

The attack alternates between loading ads and directly loading content from pornographic websites. In both cases, it's functioning as a basic adware attack, redirecting targets as a pay of generating paid traffic for a client.

According to the Verge, the attack works by targeting the DNS system. Since DNS information is typically communicated through the router, the attackers used the hacked routers to reroute requests to their own bogus IP addresses. When the target tried to connect to Google Analytics, the hacked router sent the request to the attackers' server, which answered the request by injecting its own content onto the pages in question. Google Analytics is so widely used that the attack was able to inject ads into almost any site on the web.

Routers are less powerful and harder to patch than computers, so they are much more vulnerable. This had made them a common target for hackers, who use them to launch denial of service attacks or spoof banking sites to steal login credentials.

The compromise is specific to the router and it won't be detected by traditional antivirus tools, which may lead many victims to assume the ads are legitimate.