Popular D-Link Router Falls for Routine Malware

While every router manufacturer must endure its share of difficulties, D-Link has been having a particularly tough time over the last year or so.

Every few months or so, one (or more) of its widely used routers falls prey to some kind of dangerous exploit, and the latest victim is the D-Link DSL-2750B. This consumer-grade combination router/DSL modem, which was formerly distributed by Verizon to many of its home DSL customers, is currently under attack from a prominent Internet-of-Things botnet known as Satori.

But the really bad news is that the D-Link vulnerability that Satori is exploiting is two years old, and there may not be a fix for it yet.

What you can do

If it's true that D-Link has not issued a patch for the flaw, there’s unfortunately not much you can do if you own the DSL-2750B. (The router is also a few years old, and not guaranteed to get an update at all.)

Good antivirus programs installed on your PCs, Macs and Android devices will prevent Satori from infecting them with other forms of malware, although that's not what Satori is really interested in doing. It's too busy attacking websites, mining cryptocurrencies and generally being an internet nuisance.

You really don't want your home Wi-Fi router compromised in the first place. It's the key to your digital kingdom. If an attacker controls your router, he can send you to malicious webpages designed to steal your passwords or empty your bank accounts. It's better to just call up Verizon and ask for a newer model.

Low-hanging fruit

This information all comes from two sources: an analysis of the Satori variant from Beijing-based security firm 360 Netlab, and a study of the malware’s spread from enterprise security provider Radware, located in Mahwah, New Jersey.

To put things very briefly: Satori is a variant of an Internet of Things botnet called Mirai, which made a splash when it attacked thousands of IoT devices and used them to temporarily knock parts of the U.S. East Coast offline in the fall of 2016. The botnet never really went away; some devices patched against it, and some didn’t. But in the meantime, attackers are still experimenting with ways to make it more effective.

Just why Satori is attacking the D-Link DSL-2750B is not a mystery: the device has a well-publicized security hole that was first reported in the winter of 2016. We couldn't find any patches available online for this flaw, even though the D-Link DSL-2750B was given by Verizon to many of its home DSL customers, some of whom are certainly still using it.

Using different known exploits, Satori is also attacking routers made by a Chinese company called XiongMai and optical-fiber routers used overseas. Radware measured Satori attacking more than 2,500 devices in a 24-hour period. Without going into exquisite detail about how the attack works, the newly infected routers themselves then scan the internet for more devices to infect.

Where the attack originates is anyone’s guess. The plurality of attacks seems somewhat evenly distributed between Brazil, South Korea and Italy. Seventeen other countries also show up in Radware’s analytics, including the United States, the United Kingdom, Russia, France and Spain. In other words: If you have a vulnerable device, Satori doesn’t seem very choosy about where you live.