路由器重定向到不需要的Adobe Flash更新恶意软件站点-Moon Virus?
Bear with me, for now this will be a tiny post, a placeholder, but I am looking for feedback, ideas, comments and I will keep this post updated.
忍受我,现在这将是一个很小的帖子,一个占位符,但是我正在寻找反馈,想法,评论,并且我将不断更新此帖子。
The scenario: My local sandwich shop where I often hang out and work remotely has a wireless router that started to redirect me to a fake "update your flash" and download a "Install flashplayer_10924_i13445851_il345.exe" malware file. There are no viruses, rootkits, or malware on my PC. This affects their PoS (Point of Sale) system, tablets, iPhones. Also, it's not a DNS hijack, as the URL from the HTTP doesn't change. It's a MitM attack (Man in the Middle) where x number of HTTP GETs work fine and then every few hundred the router returns it's own HTML. The requestor doesn't know the difference.
场景:我经常在附近的三明治店闲逛并远程工作,该无线路由器开始将我重定向到伪造的“更新您的闪存”并下载“ Install flashplayer_10924_i13445851_il345.exe”恶意软件文件。 我的PC上没有病毒,rootkit或恶意软件。 这会影响他们的PoS(销售点)系统,平板电脑,iPhone。 另外,它也不是DNS劫持,因为HTTP的URL不会更改。 这是一种MitM攻击(中间人),其中x个HTTP GET正常工作,然后每隔几百个路由器返回其自己HTML。 请求者不知道区别。
The router he has is a V1000W Wireless N VDSL Modem Router. I'm suspecting the "Moon" virus but I'm not sure, as this isn't a Linksys. The firmware is ancient from 2009 and that's the latest one I can find.
他拥有的路由器是V1000W无线N VDSL调制解调器路由器。 我怀疑是“月亮”病毒,但我不确定,因为这不是Linksys。 该固件来自2009年,这是我能找到的最新固件。
Before you reply:
在您回覆之前:
- I'm technical, but the public is often not. Comments like "run openwrt" are certainly valid for a techie, but I'd like to know something more populist: 我是技术专家,但公众通常不是。 诸如“ run openwrt”之类的注释对于技术人员当然是有效的,但我想了解更多民粹主义者:
- Can this router (and others like it) be fixed? Or is this bricked? Can I flash it with the original firmware to restore? 这个路由器(和其他类似的路由器)可以固定吗? 或者这是砖头? 我可以使用原始固件对其进行闪存恢复吗?
- Remote management isn't enabled. What port did the attack happen on? 未启用远程管理。 攻击发生在哪个端口?
- How can I confirm it has it (all signs point to it) with some curl command? 如何通过一些curl命令确认它是否具有它(所有符号都指向它)?
- What routers have this? What is the source? 什么路由器有这个? 来源是什么?
- What can a regular Jane/Joe do about this if they have Frontier/FIOs/CenturyLink, etc? 如果普通的Jane / Joe有Frontier / FIO / CenturyLink等,该怎么办?
Thoughts?
有什么想法吗?
关于斯科特 (About Scott)
Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.
斯科特·汉塞尔曼(Scott Hanselman)是前教授,前金融首席架构师,现在是演讲者,顾问,父亲,糖尿病患者和Microsoft员工。 他是一位失败的单口相声漫画家,一个玉米种植者和一本书的作者。