IiPakethi ezimbi zibike ukuba ukuqala kukaDisemba ka-2018, iqela le-cybercriminals liqhekeze ii-router zasekhaya, ngokukodwa iimodeli ze-D-Link, ukutshintsha iisetingi zeseva ye-DNS kunye nokuthintela i-traffic elungiselelwe iiwebhusayithi ezisemthethweni. Emva koku, abasebenzisi baye bathunyelwa kwimithombo yobuxoki.
Kuxelwa ukuba ngenxa yale njongo, imingxuma kwi-firmware isetyenzisiweyo, evumela ukuba utshintsho olungabonakaliyo lwenziwe kwindlela yokuziphatha kwee-routers. Uluhlu lwezixhobo ekujoliswe kuzo lujongeka ngolu hlobo:
- I-D-Link DSL-2640B - izixhobo ze-14327 ze-jailbroken;
- I-D-Link DSL-2740R - izixhobo ze-379;
- I-D-Link DSL-2780B - izixhobo ze-0;
- I-D-Link DSL-526B - izixhobo ze-7;
- I-ARG-W4 ADSL - izixhobo ezi-0;
- I-DSLink 260E - izixhobo ezi-7;
- I-Secutech - izixhobo ezili-17;
- TOTOLINK - 2265 izixhobo.
Oko kukuthi, ziimodeli ezimbini kuphela ezikwazileyo ukumelana nohlaselo. Kuyaphawuleka ukuba kwenziwa amaza amathathu ohlaselo: ngoDisemba 2018, ekuqaleni kukaFebruwari, nasekupheleni kukaMatshi kulo nyaka. Kuthiwa abaphangi basebenzise oku kulandelayo. Iidilesi ze-IP serverrov:
- 144.217.191.145;
- 66.70.173.48;
- 195.128.124.131;
- 195.128.126.165.
Umgaqo wokusebenza kohlaselo olunjalo lulula - izicwangciso ze-DNS kwi-router zitshintshwa, emva koko zibuyisela umsebenzisi kwindawo ye-clone, apho kufuneka ukuba bafake ukungena, igama lokugqitha kunye nezinye iinkcukacha. Emva koko baya kubaduni. Bonke abanikazi beemodeli ezikhankanywe ngasentla bacetyiswa ukuba bahlaziye i-firmware yee-routers zabo ngokukhawuleza.
Okubangela umdla kukuba, uhlaselo olunjalo lunqabile ngoku; Nangona kwiminyaka yakutshanje ziye zasetyenziswa ngamaxesha athile. Ngaloo ndlela, kwi-2000, uhlaselo olukhulu lwarekhodwa kusetyenziswa intengiso eyasuleleka iirouter eBrazil.
А в начале 2018 года проводилась атака, которая перенаправляла пользователей на сайты с вредоносным ПО для Android.
umthombo: 3dnews.ru
