An attack that was originally spotted in August affecting DLink routers has spread to over 100,000 routers including 70 different models.
The attack originally targeted Brazilian banking customers by compromising their internet router, changing the DNS server and pointing them to a bogus, look-alike banking site. From there, they steal your credentials.
Not satisfied with the catch, the attackers are ramping up their attack. It looks for default and easy to guess router admin passwords and other router vulnerabilities.
This attack is going to be difficult to stop if people do not deal with it.
What to do?
Make sure that your router’s admin interface is not accessible from the Internet. It is difficult to secure it, so just make it invisible.
For banking, make sure that you use two factor authentication. While not impossible, it makes the hacker’s job much harder.
Change default router passwords to ones that are hard to guess.
Finally, make sure that you patch your router regularly or configure it to automatically patch itself.
Make your local hacker work to get into your network.
Source: The Register .