18

If you connect a computer that is infected with malware (the government grade, kernel infecting, extremely persistent, easily spreadable kind) to a router or modem, can the router or modem or its firmware be infected in such a way that, when you connect another computer to it, the infection transfers?

The two computers are never on the LAN at the same time.

Mat
Bob Ogden
  • Generally "government grade" and "easily spreadable" are mutually exclusive. State-sponsored attacks tend to prefer to have a very narrow target. – forest Jun 05 '18 at 03:42

3 Answers

32

You don't need government grade malware to do this and such attacks have actually been carried out for years. Typical SOHO routers are often vulnerable to CSRF and similar attacks and this can be used by the attacker to compromise the router, i.e. changing critical settings like the DNS servers. This compromise can be executed when you visit a web site. It does not even need to be a "bad" site since such an attack can be executed from inside embedded advertisements too (malvertisement).

For an example of such an attack see How millions of DSL modems were hacked in Brazil,... which talks about how attackers compromised millions of routers in Brazil using CSRF attacks. They then changed the DNS settings in the router so that the traffic got diverted to the attacker. With this man-in-the-middle attack the attacker then could inject advertisements or malware into the traffic to every computer using this router.

These attacks are unfortunately very common today since a large proportion of SOHO routers are insecure. See Website Security – Compromised Website Used To Hack Home Routers for hacking via compromised web sites or Spam Uses Default Passwords to Hack Routers for similar hacks done via spam mails.

As for the enterprise level routers: Once you are in (maybe via a backdoor) you effectively own a large network with often sensitive information inside. By manipulating the routing you can divert the traffic to the attacker and do the same attacks and more as described above. The main difference is that you have far more computers behind the router and these usually have more interesting information than you will find in home networks. This means the return on investment for the attacker is usually higher when enterprise routers or even routers at ISPs are compromised.

forest
Steffen Ullrich
  • There is even malware that infects routers with the intention to secure them against other malware: http://www.securityweek.com/developers-mysterious-wifatch-malware-come-forward – Agent_L Dec 22 '15 at 12:45
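The CSRF-to-DNS-change path described in this answer, as an added example that is not from the answer or from any real router firmware: a simulated admin endpoint in its vulnerable form beside a hardened one. The router address 192.168.1.1, the documentation-range DNS addresses and all function names are assumptions.

```python
"""Simulated SOHO router admin endpoint: CSRF-vulnerable vs hardened DNS change."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    headers: dict
    cookies: dict
    form: dict


@dataclass
class Router:
    # Constructed state for a hypothetical router admin panel.
    sessions: dict = field(default_factory=dict)  # session id -> anti-CSRF token
    dns_servers: list = field(default_factory=lambda: ["192.0.2.53"])  # placeholder DNS

    def login(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = secrets.token_hex(32)
        return sid


ROUTER_ORIGIN = "http://192.168.1.1"  # assumed LAN address of the router


def vulnerable_set_dns(router, req):
    """Before: accepts any POST that carries a valid session cookie. A form
    auto-submitted by a third-party page (e.g. a malvertisement) is sent with
    that cookie by the browser, so the DNS servers get rewritten."""
    if req.method != "POST" or req.cookies.get("sid") not in router.sessions:
        return 403
    router.dns_servers = req.form["dns"].split(",")
    return 200


def hardened_set_dns(router, req):
    """After: same-origin check on Origin (falling back to Referer) plus a
    per-session anti-CSRF token that a cross-site page cannot read."""
    sid = req.cookies.get("sid")
    if req.method != "POST" or sid not in router.sessions:
        return 403
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin.startswith(ROUTER_ORIGIN):
        return 403  # request did not come from the router's own pages
    if not hmac.compare_digest(req.form.get("csrf", ""), router.sessions[sid]):
        return 403  # token missing or wrong: constant-time comparison
    router.dns_servers = req.form["dns"].split(",")
    return 200


def cross_site_post(sid, dns):
    """Constructed request as produced by a form on another site: the browser
    attaches the router cookie, but Origin is foreign and no token is present."""
    return Request("POST", {"Origin": "http://ad.example"}, {"sid": sid}, {"dns": dns})
```

Marking the session cookie `SameSite=Strict` is a further, independent mitigation; the Origin and token checks above do not rely on it.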
9

Provided that the computer has access to the router's administrative panel (which isn't very hard because of the widespread use of default passwords and backdoors from vendors), this is definitely possible. All you have to do is change the DNS settings for the network and set up your own malicious DNS server.

The video on this page shows how to backdoor a computer in a network with the router/modem's administrative panel.

Abhibandu Kafle
  • I still don't UNDERSTAND why the EDITORS in THAT linked article thought it WAS a good IDEA to capitalize CERTAIN WORDS for no reason. – Hugo Dec 21 '15 at 09:50
  • @HugoZink it NEEDS TO deliver its message to the READER – Aloha Dec 21 '15 at 10:07
  • @HugoZink I think capitalized words and paragraphs are a service to the busy reader who doesn't have time to read the entire text. By putting a word or a paragraph in all capitals you are signaling to the reader that this is not important, you can skip this part. THE REASON FOR USING CAPITALIZED WORDS FOR THE UNIMPORTANT PARTS RATHER THAN THE IMPORTANT PARTS IS, THAT IT WOULD BE STUPID TO MAKE ALL THE IMPORTANT PARTS HARDER TO READ BY MAKING THEM ALL CAPITALIZED WORDS. – kasperd Dec 21 '15 at 11:01
0

Maybe

I haven't heard of such a virus, and it sounds complicated, but yeah. If you're up against a nation state attacker, sure.

There has been malware that infects routers. And once you've got the router, you just wait for the target PC to download something and inject some nasty packets into that download.

StackzOfZtuff