Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

General Security General Security
Search Search
Search for:
Tech Support Guy > > >

Solved: Can a Linksys router be infected?


(!)

Aggy's Avatar
Aggy Aggy is offline
Computer Specs
Senior Member with 106 posts.
THREAD STARTER
 
Join Date: Feb 2005
Location: United States
Experience: Intermediate
07-Apr-2010, 09:06 PM #1
Solved: Can a Linksys router be infected?
I've unplugged my infected computer and I have a clean computer I'm ready to connect through my router. Do routers get infected or am I safe to connect my clean computer up?
Phantom010's Avatar
Phantom010 has a Photo Album
Computer Specs
Trusted Advisor with 32,315 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
07-Apr-2010, 09:40 PM #2
Yes, routers can be infected.
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,565 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
07-Apr-2010, 09:43 PM #3
It's very rare but it can happen. It doesn't get infected from the computer, it would be more like if you didn't change the default username/password and have admin control allowable from the internet.
Then malware can be installed into the router allowing the remote user to gain access to the internal network.
__________________
Microsoft MVP - Consumer Security
If we've helped you, please donate to TSG!
Aggy's Avatar
Aggy Aggy is offline
Computer Specs
Senior Member with 106 posts.
THREAD STARTER
 
Join Date: Feb 2005
Location: United States
Experience: Intermediate
07-Apr-2010, 10:29 PM #4
Okay, thank you!
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,565 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
07-Apr-2010, 11:15 PM #5
alexcarlson's Avatar
alexcarlson alexcarlson is offline
Member with 53 posts.
 
Join Date: Mar 2010
08-Apr-2010, 06:15 AM #6
Hi,
I think routers will be infected.
Thanks
Stoner's Avatar
Account Disabled with 44,931 posts.
 
Join Date: Oct 2002
Location: Dayton,Oh
08-Apr-2010, 08:07 AM #7
Just for information, I don't have a problem.
How would you determine a router is infected?
Can an infected router be 'cleaned' and if so, how?
Aggy's Avatar
Aggy Aggy is offline
Computer Specs
Senior Member with 106 posts.
THREAD STARTER
 
Join Date: Feb 2005
Location: United States
Experience: Intermediate
08-Apr-2010, 10:01 AM #8
Stoner I have the same question. I have successfully connected through this router, but the software tells me I'm not connected, even though I am, I'm using it now. I've changed the password again, but I am uneasy. I tried to call technical support only to be told I'm beyond warranty and have to pay to get support, then given a sales pitch for a new router and some kind of maintenance agreement to boot. wtf??
antimoth's Avatar
antimoth antimoth is offline
Member with 361 posts.
 
Join Date: Aug 2009
Experience: long live the 6502
08-Apr-2010, 11:10 AM #9
If you think your router is compromised, hit the reset button, which will clear any user settings. Then load the latest firmware, if you feel competent there. You will also have to reset your Wifi password/settings and redo the admin password.

Routers provide your PC with DNS addresses. These are the nameserver computers on the Internet that translate a techguy.org to its IP address (209.183.226.152). If the DNS address were changed to a hacked nameserver, they could give you the IP for a fake website. Some articles say we need to be wary when using public WIFI for example. The router could be using suspect DNS addresses. How do you know? You don't. So you can change the DNS address in Windows on a temporary or permanent basis. For people that want to do this, one place is OpenDNS.org. Bythe way, if you can set a DNS in windows, so can a virus.

Getting back to routers, some do allow user input of the DNS addresses. Others get them from the ISP. I have a Linksys WRT54G and I cannot see a way to change the DNS. I think the firmware would need to be hacked. You have to cooperate by having no passwords or a simple one that can be easily cracked. It seems pretty far fetched that someone would hack one user's home router, but an airport or hotel wifi network would be an inviting target.

Last edited by antimoth; 08-Apr-2010 at 11:17 AM..
Aggy's Avatar
Aggy Aggy is offline
Computer Specs
Senior Member with 106 posts.
THREAD STARTER
 
Join Date: Feb 2005
Location: United States
Experience: Intermediate
08-Apr-2010, 11:18 AM #10
Thank you very much. Mine too is WRT54G. I am loathe to reset it because my husband has his laptop configured to be online through this thing and I'm scared to mess up his connection. I might end up doing it anyway.
Aggy's Avatar
Aggy Aggy is offline
Computer Specs
Senior Member with 106 posts.
THREAD STARTER
 
Join Date: Feb 2005
Location: United States
Experience: Intermediate
08-Apr-2010, 01:34 PM #11
Rant on:

Forget this POS wireless router. I unplugged it and hooked up my old D-Link. I never wanted the wireless router in the first place; my husband made me get it so he could use his laptop in the den while he watches TV and it's been squirrelly all along. Maybe it has a virus and maybe it doesn't but I don't have time to screw around anymore. I've got to be packed up and out of this house in two weeks. I've already wasted way too much time on this amazing technology I'm despising more by the minute. Thank GOD I didn't throw out my D-Link. I just need a clean computer and a reasonably safe router so I can check my bank accounts to make sure they haven't all been emptied because of my infected main computer. Then I'm going to pack the whole sorry mess up and take it to the new house where I will either repair the infected computer or take it out back and empty a few dozen 9mm rounds into it.

Rant off

Now I will go take a Valium, eat some chocolate, and watch my soap opera.
KingZeus's Avatar
KingZeus KingZeus is offline
Computer Specs
Junior Member with 10 posts.
 
Join Date: Apr 2010
Location: Toronto, Canada
Experience: Intermediate
09-Apr-2010, 02:25 AM #12
I read some where that the linksys 54gl can get infected , theres plug some where to fix i'll have to re read and get back here
phyrtech's Avatar
phyrtech phyrtech is offline
Member with 39 posts.
 
Join Date: Mar 2010
Location: Minneapolis, MN USA
Experience: Einstein
09-Apr-2010, 04:00 AM #13
I have not, in ten years of residential and business IT support, seen an actual case of a malware infected router. I am not saying that it cannot happen. Your BIOS could get infected with a virus and still allow the computer to boot too (again, never seen it).

I have, however, seen spurious information entered into routers. It is usually my conclusion that the router has been compromised either via an externally accessible remote control panel (a "feature" of the router) or that the wireless network has been compromised because it is either not secured or someone cracked the WEP.

If we are referring to the Zlob trojan, then it would be a misnomer to say the router is infected. The Zlob trojan will alter the DNS settings of the router, but this is easily fixed by resetting the router or changing the DNS settings back (once the Zlob infection has been removed, of course).

In April of 2009, a botnet named psyb0t was identified that would attack external remote control "features" of router with weak passwords. Again, the router itself doesn't not become infected, merely compromised. To fix this, reset the router and disable remote access. Also, this attack did not utilize an exploit in the router firmware, but rather the fact that the passwords were weak.

And then there is the Chuck Norris botnet... Well, this, I suppose you could call an infection of a router. And what do you know, it is caused by the remote access "feature." It also only affects D-Link routers. Reset the router and disable remote access.
phyrtech's Avatar
phyrtech phyrtech is offline
Member with 39 posts.
 
Join Date: Mar 2010
Location: Minneapolis, MN USA
Experience: Einstein
09-Apr-2010, 04:04 AM #14
Quote:
Originally Posted by Stoner View Post
Just for information, I don't have a problem.
How would you determine a router is infected?
Can an infected router be 'cleaned' and if so, how?
To determine if your router has been tampered with, log in to the configuration and validate all of your settings. Really if you find any settings that are not what you set them to, your router has likely been compromised (if you have kids, they probably did it).

To date, I am not aware of any problems that cannot be "cleaned" by doing a factory reset on the device. The worst of the infections is the Chuck Norris botnet which actually runs as a memory-resident program in the router's RAM. This can be cleaned by power cycling the router.
Aggy's Avatar
Aggy Aggy is offline
Computer Specs
Senior Member with 106 posts.
THREAD STARTER
 
Join Date: Feb 2005
Location: United States
Experience: Intermediate
09-Apr-2010, 08:43 AM #15
Thanks for these replies. This is very helpful. The information does appear to be normal. I doubt the router has been compromised. I'm learning stuff in this thread I didn't know.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑