Skip to main content

Your Router May Be Infected To Serve Up Fake Ads

By January 6, 2017May 11th, 2022Blog, Cybersecurity

If you have never heard the term “steganography,” you’re not alone. It’s the art and science of hiding code inside image data.

When used by hackers, it is one of the most difficult attack vectors to detect, because honestly, few people consider images to be more than window dressing for the web. That is, in fact, exactly what the hackers are counting on.

Recently, a series of malicious ads have been found on a wide range of legitimate websites. When they are displayed, the code embedded in them redirects site visitors to a hacker-controlled page containing an exploit kit called “DNSChanger,” which attacks vulnerable routers.

The attack is highly complex, and not something that an un- or semi-skilled hacker would be capable of. First, the ads check the viewer’s IP address against a target list. If the address falls outside the specified range, then a dummy ad is displayed with no additional code.

If, on the other hand, the address falls within the hacker’s target range, the next phase of the attack begins, and the viewer is served a hidden image that contains code designed to exploit the user’s router. Once it has been breached, the next move is at the hacker’s discretion, but he has essentially unfettered system access. The hacker can monitor all network traffic and pilfer sensitive data like passwords, bank account and credit card numbers and the like.

The best way to minimize the risk of such an attack is to ensure that your router is running the latest firmware. Based on an analysis of the code discovered in these images, the hackers have a database of more than 160 different router models and firmware versions they can check your equipment against, making their pool of potential targets vast indeed.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.