There Might Be A ZuoRAT In Your SOHO Router, Infecting Your Machines

Source: Ars Technica

It’s Probably Time To Start Scheduled Reboots For Your Routers

Today brings the revelation that yet another sophisticated attack has been targeting SOHO routers for well over a year. The complexity of ZuoRAT, the fact that three of the four components were written from scratch, and the fact that it has been found on over 80 different models of routers suggest it has the backing of an entity with a lot of resources. The trojan runs on the MIPS architecture, which is why it can infect so many different types of routers, but that also brings good news. This type of trojan will not survive a router reboot, so you might want to figure out a way to bounce yours regularly.

It communicates back to its control servers via a number of proxies, including ones in Taiwan and Canada, which makes it hard to determine where those servers are located, though researchers are still hoping for a breakthrough. The infection, once it moves into your router, will enumerate the devices on your network and hijack DNS and HTTP requests to redirect your browser to malicious sites masquerading as the sites you intended to visit. From there they can infect the machines on your network; sadly, those infections will survive a reboot.

You can learn more about what has been discovered about ZuoRAT over at Ars Technica, though maybe reboot that router, just in case.

An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on Tuesday.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
