Re: Can a router be 'infected'?
- From: ~BD~ <BoaterDave@xxxxxxxxxxxxx>
- Date: Wed, 20 May 2009 14:47:47 +0100
David H. Lipman wrote:
From: "BD2" <BoaterDave@xxxxxxxxxxxxx>
| Here is a quote made recently by MVP PABear in a Microsoft newsgroup:-
| "It *is* his computer and it was yours, too. The infection you had also
| "infected" the router."
| Please will someone explain exactly how this can happen and how to check
| that one's router is 'clean'?
An off the shelf SOHO Router can NOT become "infected" it can become compramised. Robear Dyer used the wrong terminology.
A DNSChanger Trojan can use a dictionary attack on a given SOHO Router and if the default password has NOT been set to a strong password then the DNS Server table can be changed and malaicious DNS servers, such as 85.255.x.y, may be inserted in the DNS Server table redirecting LAN nodes to malicious sites.
The Router itself can not be "infected" such there is malware now running on that appliance. It becomes compromised where it acts on behalf of the malicious actor's desires by altering its settings.
You said "Robear Dyer used the wrong terminology".
Will you post in that thread and tell him so? If not - why not?
Should you *not* wish to correct him (so notifying the OP as well) I trust you have no objection to me posting there and quoting exactly what you have said here, David.