The Inquirer-Home

London IP addresses create zombie router network

Mysterious DNS switcher doesn't appear to do anything
Mon Mar 03 2014, 16:56

TWO INTERNET PROTOCOL (IP) ADDRESSES in London have been responsible for infecting more than a quarter of a million routers around the world.

Security researchers from specialist internet security consulting firm Team Cymru have found an exploit that has already switched the domain name system (DNS) server settings of 300,000 routers, which could in turn be used to redirect web traffic.

There are a lot of unanswered questions, though. Why is the culprit doing it? Why has it gone undetected for so long? And who is behind the mysterious 3NT Solutions, the hosting company that registered the two DNS servers? But perhaps strangest of all, given that as yet there is no evidence that the DNS servers are doing anything differently than normal ones, what are they for and what are they doing?

The two-year-old exploit has mostly been patched in the US, UK and Western Europe, but Asia and Eastern Europe still have significant numbers of vulnerable routers. It is said that a particularly large number of infected machines are in Vietnam.

Although there is no evidence so far of any malicious use of the network that has been created, there is no reason to doubt that the machines' true purpose could be realised at some point. The DNS servers could, for example, be used to direct customers to a dummy internet banking website in order to steal credentials.

For now, however, the origin of this attack on the integrity of the internet is a mystery, and Team Cymru is cooperating with law enforcement efforts to trace the culprits. µ

 
