1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Can a Linksys router be infected?

Discussion in 'General Security' started by Aggy, Apr 7, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Aggy

    Aggy Thread Starter

    Joined:
    Feb 18, 2005
    Messages:
    106
    I've unplugged my infected computer and I have a clean computer I'm ready to connect through my router. Do routers get infected or am I safe to connect my clean computer up?
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,048
    Yes, routers can be infected.
     
  3. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,938
    It's very rare but it can happen. It doesn't get infected from the computer, it would be more like if you didn't change the default username/password and have admin control allowable from the internet.
    Then malware can be installed into the router allowing the remote user to gain access to the internal network.
     
  4. Aggy

    Aggy Thread Starter

    Joined:
    Feb 18, 2005
    Messages:
    106
    Okay, thank you!
     
  5. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,938
  6. alexcarlson

    alexcarlson

    Joined:
    Mar 9, 2010
    Messages:
    53
    Hi,
    I think routers will be infected.
    Thanks
     
  7. Stoner

    Stoner Banned

    Joined:
    Oct 26, 2002
    Messages:
    44,931
    Just for information, I don't have a problem.
    How would you determine a router is infected?
    Can an infected router be 'cleaned' and if so, how?
     
  8. Aggy

    Aggy Thread Starter

    Joined:
    Feb 18, 2005
    Messages:
    106
    Stoner I have the same question. I have successfully connected through this router, but the software tells me I'm not connected, even though I am, I'm using it now. I've changed the password again, but I am uneasy. I tried to call technical support only to be told I'm beyond warranty and have to pay to get support, then given a sales pitch for a new router and some kind of maintenance agreement to boot. wtf??
     
  9. antimoth

    antimoth

    Joined:
    Aug 8, 2009
    Messages:
    361
    If you think your router is compromised, hit the reset button, which will clear any user settings. Then load the latest firmware, if you feel competent there. You will also have to reset your Wifi password/settings and redo the admin password.

    Routers provide your PC with DNS addresses. These are the nameserver computers on the Internet that translate a techguy.org to its IP address (209.183.226.152). If the DNS address were changed to a hacked nameserver, they could give you the IP for a fake website. Some articles say we need to be wary when using public WIFI for example. The router could be using suspect DNS addresses. How do you know? You don't. So you can change the DNS address in Windows on a temporary or permanent basis. For people that want to do this, one place is OpenDNS.org. Bythe way, if you can set a DNS in windows, so can a virus.

    Getting back to routers, some do allow user input of the DNS addresses. Others get them from the ISP. I have a Linksys WRT54G and I cannot see a way to change the DNS. I think the firmware would need to be hacked. You have to cooperate by having no passwords or a simple one that can be easily cracked. It seems pretty far fetched that someone would hack one user's home router, but an airport or hotel wifi network would be an inviting target.
     
  10. Aggy

    Aggy Thread Starter

    Joined:
    Feb 18, 2005
    Messages:
    106
    Thank you very much. Mine too is WRT54G. I am loathe to reset it because my husband has his laptop configured to be online through this thing and I'm scared to mess up his connection. I might end up doing it anyway.
     
  11. Aggy

    Aggy Thread Starter

    Joined:
    Feb 18, 2005
    Messages:
    106
    Rant on:

    Forget this POS wireless router. I unplugged it and hooked up my old D-Link. I never wanted the wireless router in the first place; my husband made me get it so he could use his laptop in the den while he watches TV and it's been squirrelly all along. Maybe it has a virus and maybe it doesn't but I don't have time to screw around anymore. I've got to be packed up and out of this house in two weeks. I've already wasted way too much time on this amazing technology I'm despising more by the minute. Thank GOD I didn't throw out my D-Link. I just need a clean computer and a reasonably safe router so I can check my bank accounts to make sure they haven't all been emptied because of my infected main computer. Then I'm going to pack the whole sorry mess up and take it to the new house where I will either repair the infected computer or take it out back and empty a few dozen 9mm rounds into it.

    Rant off

    Now I will go take a Valium, eat some chocolate, and watch my soap opera.
     
  12. KingZeus

    KingZeus

    Joined:
    Apr 9, 2010
    Messages:
    10
    I read some where that the linksys 54gl can get infected , theres plug some where to fix i'll have to re read and get back here
     
  13. phyrtech

    phyrtech

    Joined:
    Mar 22, 2010
    Messages:
    39
    I have not, in ten years of residential and business IT support, seen an actual case of a malware infected router. I am not saying that it cannot happen. Your BIOS could get infected with a virus and still allow the computer to boot too (again, never seen it).

    I have, however, seen spurious information entered into routers. It is usually my conclusion that the router has been compromised either via an externally accessible remote control panel (a "feature" of the router) or that the wireless network has been compromised because it is either not secured or someone cracked the WEP.

    If we are referring to the Zlob trojan, then it would be a misnomer to say the router is infected. The Zlob trojan will alter the DNS settings of the router, but this is easily fixed by resetting the router or changing the DNS settings back (once the Zlob infection has been removed, of course).

    In April of 2009, a botnet named psyb0t was identified that would attack external remote control "features" of router with weak passwords. Again, the router itself doesn't not become infected, merely compromised. To fix this, reset the router and disable remote access. Also, this attack did not utilize an exploit in the router firmware, but rather the fact that the passwords were weak.

    And then there is the Chuck Norris botnet... Well, this, I suppose you could call an infection of a router. And what do you know, it is caused by the remote access "feature." It also only affects D-Link routers. Reset the router and disable remote access.
     
  14. phyrtech

    phyrtech

    Joined:
    Mar 22, 2010
    Messages:
    39
    To determine if your router has been tampered with, log in to the configuration and validate all of your settings. Really if you find any settings that are not what you set them to, your router has likely been compromised (if you have kids, they probably did it).

    To date, I am not aware of any problems that cannot be "cleaned" by doing a factory reset on the device. The worst of the infections is the Chuck Norris botnet which actually runs as a memory-resident program in the router's RAM. This can be cleaned by power cycling the router.
     
  15. Aggy

    Aggy Thread Starter

    Joined:
    Feb 18, 2005
    Messages:
    106
    Thanks for these replies. This is very helpful. The information does appear to be normal. I doubt the router has been compromised. I'm learning stuff in this thread I didn't know. :)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/915464