Can a Router Get a Virus?

Your router is vulnerable to viruses—so use a strong router password

A router is as vulnerable to being infected with a virus as a computer. A common reason why routers get infected is that the owner forgot to change the default administrator password.

How Can a Router Get a Virus?

A router can get a virus if hackers can get through the initial login screen and modify the router settings. In some cases, viruses can modify the embedded firmware that controls the router software.

You don’t need to toss out an infected router—repair and then protect that device from further infections in the future.

Two common router viruses that have infected thousands of routers in the past include the Switcher Trojan and VPNFilter.

How the Switcher Trojan Virus Infects Routers

The Switcher Trojan infects an Android smartphone through an app or by a click-through on a phishing email. After that infected Android phone connects to any Wi-Fi network:

  • The Trojan communicates with a central server to report the network’s identifier.
  • It then attempts to log in to the router using the router brand’s default administrator password, as well as testing other passwords.
  • If it logs in, the Trojan modifies the default DNS server addresses to a DNS server under the virus maker’s control.
  • The alternative DNS server redirects all internet traffic from that Wi-Fi network through the new servers, which attempt to strip sensitive information like bank account and credit card details, login credentials, and more.
  • Sometimes the fake DNS servers return an alternate website (like PayPal or your bank website) to scrape your login details.

A regular DNS server converts the URL you type into a web browser (like google.com) into an IP address. Switcher modifies the router’s correct DNS settings (for your internet provider’s DNS servers) to the hacker’s DNS servers. The compromised DNS servers then provide the browser with incorrect IP addresses for the websites you visit.

How the VPNFilter Virus Infects Routers

VPNFilter infects home Wi-Fi routers in the same way Switcher Trojan does. Usually, a device connecting to the Wi-Fi network is infected, and that software penetrates the home router. This infection happens in three stages.

  • Stage 1: A malware loader infects the router firmware. This code installs additional malware onto the router.
  • Stage 2: The stage-one code installs additional code that resides on the router and performs actions like collecting files and data from devices connected to the network. It also attempts to run commands remotely on those devices.
  • Stage 3: The stage-two malware installs additional malicious plug-ins that do things like monitor network traffic to capture sensitive user information. Another add-on is called Ssler, which converts secure HTTPS web traffic (like when you log in to your bank account) into insecure HTTP traffic so that hackers can extract your login credentials or account information.

Unlike most router viruses that get wiped when you reboot a router, the VPNFilter code stays embedded in the firmware after a reboot. The only way to clean the virus from a router is to perform a full factory reset following the manufacturer’s factory-reset instructions.

There are additional router viruses on the internet, and all follow the same tactic. These viruses first infect a device. When that device connects to a Wi-Fi network, the virus attempts to log in to the router using the default password or by checking for a poorly created password.

Does My Router Have a Virus?

If the following behaviors are happening on your network, there’s a chance your router could be infected.

When you visit websites that should be secure (like PayPal or your bank), but you don’t see the lock icon in the URL field, you might be infected. Every financial institution uses the secure HTTPS protocol. If you don’t see the lock icon, then your activity on that website isn’t encrypted and could be viewed by hackers.

Over time, malware can consume the computer CPU and slow down performance. Malware running on either the computer or on the router can cause this behavior. Combined with the other behaviors listed, this may mean that the router is infected.

If, after scanning and cleaning the computer of malware and viruses, you still see ransomware pop-up windows that demand payment and threaten to destroy your files, it’s a good indication that the router is infected.

When you visit normal websites but are redirected to strange websites that you don’t recognize, it could indicate that your router is infected. Sometimes those sites may be spoofed sites that look similar to the real site.

If you’re redirected to sites that don’t look right, never click any links or enter your account login details. Instead, go through the steps to determine if a virus is causing the behavior.

If you click Google search links and end up on an unexpected web page that doesn’t look right, it could be another sign that the router is infected with malware.

How to Fix an Infected Router

To check if your router is infected, run a scan using available online tools. There are many of these available, but choose one that comes from a known and trusted source. One example is F-Secure, which scans the router and determines if a virus has hacked the router’s DNS settings.
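
As an added example (not from the original article and not how F-Secure's tool works), the Python below shows two local checks for the DNS tampering described above: flagging resolvers the router handed out that you do not expect, and flagging names whose answers differ completely from a trusted resolver's. All addresses, names and the expected-resolver list are constructed placeholders.

```python
import ipaddress

# Constructed sample: resolver settings a client received from the router.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
nameserver 203.0.113.53
nameserver 198.51.100.7
search home.example
"""

# Assumption: the resolvers you expect (your ISP's, or ones you chose).
EXPECTED_RESOLVERS = {"198.51.100.7", "198.51.100.8"}

# Constructed answers for the same names from both resolvers.
VIA_ROUTER = {"bank.example": ["203.0.113.80"], "news.example": ["192.0.2.10"]}
VIA_REFERENCE = {"bank.example": ["192.0.2.44"],
                 "news.example": ["192.0.2.10", "192.0.2.11"]}


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(str(ipaddress.ip_address(fields[1])))
    return servers


def unexpected_resolvers(servers, expected):
    """Resolvers in use that are not on the expected list."""
    allowed = {str(ipaddress.ip_address(e)) for e in expected}
    return [s for s in servers if s not in allowed]


def divergent_answers(via_router, via_reference):
    """Names whose router-path answers share no address with the reference.
    CDNs can differ legitimately, so a hit is a lead, not proof."""
    flagged = []
    for name, addrs in sorted(via_router.items()):
        reference = via_reference.get(name)
        if reference and not set(addrs) & set(reference):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    found = parse_nameservers(SAMPLE_RESOLV_CONF)
    print("unexpected resolvers:", unexpected_resolvers(found, EXPECTED_RESOLVERS))
    print("divergent names:", divergent_answers(VIA_ROUTER, VIA_REFERENCE))
```

If the client only lists the router's own LAN address as its resolver, the first check cannot see what the router forwards to, which is why the answer comparison is included.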

If your router is clean, you’ll see a message with a green background indicating that it’s clean.

Another example is the Symantec scan that checks specifically for the VPNFilter Trojan. To run the scan, select the check box to indicate that you agree to the terms, and then select Run VPNFilter Check.

Always read the Terms of Service and Privacy Agreement. Occasionally, a tool is sneaky about how it collects and uses personal data.

If any scans indicate that your router is infected, take the following steps:

Reset the router. In many cases, rebooting the router won’t thoroughly clean it of a virus infection. Instead, perform a full router reset. This process usually requires inserting a sharp object like a pin into a small hole and pressing the button for several seconds. Check the manufacturer’s website for factory reset instructions.

A full factory reset clears all settings from the router. You’ll have to reconfigure all of the settings again, so only perform a factory reset if you’re confident a virus or a Trojan infected the router.

Update the firmware. If your ISP provided the router, chances are the ISP automatically pushes firmware updates to the router. If you own the router, visit the manufacturer website to search for and download the latest firmware update for your router model. This process ensures the router has the latest patches to guard against the latest viruses.

Change the administrator password. To prevent any viruses or Trojans from reinfecting the router, immediately change the administrator password to something more complex. A good password is your best defense against an infected router.

After you clear the virus, run a full antivirus scan on all devices that connect to the infected router.
