
You see this notification on the Trend Micro Home Network Security app:

"Remote DNS Change Exploit"

Why did this happen?

An unauthenticated remote DNS change was detected on your D-Link device (DSL-2780B DLink_1.01.14).

The exploit allows unauthenticated remote configuration of the DNS server settings on the modem router through a CGI script (dnscfg.cgi).

What are its risks?

This vulnerability exposes users to financial and private data loss through a malicious hijacking attack.

The attacker is attempting to set both the primary and secondary name servers to the same malicious server IP. If that malicious server goes offline, all infected homes will fail to resolve any hostnames, and their internet will be virtually inaccessible until the users manually update their router settings or the ISP overrides the settings.

What should I do next?

  • Apply the most recent patch or firmware update from your router vendor’s website, and allow only trusted users to have network access.
  • Change the router’s default password to a much stronger one. Check your router’s manual or handbook for instructions on changing the password.
  • Check the primary and secondary DNS server settings of your mobile devices, computers, and router in the IP configuration.
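
As an added example (not part of the original article or of any Trend Micro tool), the Python script below performs the last check on a Linux or macOS computer: it reads resolv.conf-style text and flags resolvers that are not on a list you trust, as well as the case described above where the primary and secondary servers are the same address. The function names, the TRUSTED list and the sample addresses are constructed for illustration.

```python
import ipaddress
import sys

# Constructed samples (documentation address ranges), not real resolvers.
TRUSTED = ["192.0.2.1", "192.0.2.2"]
SAMPLE_OK = "# set by DHCP\nnameserver 192.0.2.1\nnameserver 192.0.2.2\n"
SAMPLE_TAMPERED = "nameserver 203.0.113.66\nnameserver 203.0.113.66\n"


def parse_nameservers(resolv_text):
    """Return the nameserver addresses, in order, from resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        # Drop comments, which start with '#' or ';'.
        line = line.split("#", 1)[0].split(";", 1)[0]
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
            except ValueError:
                continue  # ignore malformed entries
    return servers


def audit_dns(resolv_text, trusted):
    """Return a list of findings; an empty list means nothing looked wrong."""
    allowed = {ipaddress.ip_address(t) for t in trusted}
    servers = parse_nameservers(resolv_text)
    findings = []
    if not servers:
        findings.append("no nameserver entries found")
    for server in dict.fromkeys(servers):  # report each address once
        if server not in allowed:
            findings.append(f"unexpected resolver {server}")
    # Both slots pointing at one address is the pattern this alert describes.
    if len(servers) >= 2 and servers[0] == servers[1]:
        findings.append(f"primary and secondary are both {servers[0]}")
    return findings


if __name__ == "__main__":
    # Usage: python3 check_dns.py <trusted-ip> [<trusted-ip> ...]
    with open("/etc/resolv.conf", encoding="utf-8") as fh:
        results = audit_dns(fh.read(), sys.argv[1:] or TRUSTED)
    print("\n".join(results) if results else "DNS settings match the trusted list")
    sys.exit(1 if results else 0)
```

Computers that receive DNS settings from the router usually list the router's own address as their resolver, so the DNS servers configured on the router itself still need to be checked in its administration page.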

What if I have more questions?

For more information, check out:
