Malvertising Campaign Aimed at Changing the DNS Settings of Home Routers

A payload for altering the DNS settings of home routers is being delivered through a malicious advertisement inserted in a big online advertising network.

Malvertising is an attack in which cyber criminals abuse third-party advertising services whose content is displayed on many different websites. Normally, the attack includes a redirect to a compromised webpage, or to one controlled by the attackers, that serves a malicious payload.

In this particular campaign the crooks have inserted the payload directly in the ad that is being delivered to the webpages through a domain owned by Google, called

The experts analyzing the malicious URL discovered that the cyber criminals had obfuscated the code to disguise the threat. While decoding it, the experts had to go through 2 716 blank characters before reaching the malicious code, which tries to alter the DNS settings of the victim’s home router and force a reboot.
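A triage check for the padding trick described above, where the payload sat behind 2 716 blank characters. This is an added example, not code from the original article or from the researchers' analysis; the function name, the 200-character threshold and the sample snippet are assumptions constructed for illustration.

```python
import re

# Characters treated as "blank": Unicode whitespace plus zero-width characters.
BLANK_CLASS = r"[\s\u200b\u200c\u200d\ufeff]"
MIN_RUN = 200  # assumed threshold, far above normal indentation


def find_padded_code(source, min_run=MIN_RUN, preview=60):
    """Report code that follows an abnormally long run of blank characters."""
    pattern = re.compile(BLANK_CLASS + "{%d,}" % min_run)
    findings = []
    for match in pattern.finditer(source):
        if match.end() == len(source):
            continue  # run reaches end of file: nothing is hidden behind it
        run = match.group()
        findings.append({
            "offset": match.start(),
            "blank_chars": len(run),
            "char_kinds": sorted({"U+%04X" % ord(c) for c in run}),
            "line": source.count("\n", 0, match.end()) + 1,
            "hidden_preview": source[match.end():match.end() + preview],
        })
    return findings


# Constructed sample: harmless visible code, 2 716 spaces, then a placeholder
# standing in for the hidden statement. No real payload is included.
SAMPLE_AD = 'var ad = "banner";' + " " * 2716 + "hiddenPayloadPlaceholder();"

if __name__ == "__main__":
    for f in find_padded_code(SAMPLE_AD):
        print("offset %(offset)d: %(blank_chars)d blank chars %(char_kinds)s "
              "before %(hidden_preview)r" % f)
```

A hit is a reason to look at the reported offset by hand, not a verdict: minified or generated files can contain long blank runs for benign reasons.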

A DNS server translates a website’s human-readable domain name into the IP address of the server that hosts it. By pointing the router at a DNS server they control, the attackers can resolve a domain requested by the victim to a different IP address and serve arbitrary content.

The DNS server that is used in the attack is reportedly located in the US. Experts believe that the server has not been used so far because it is not serving malicious IPs.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago when malware locked her out of her own computer.
