Attackers are targeting more than 166 router models with an exploit kit called DNSChanger that is being distributed via malvertising. Researchers at Proofpoint said the exploit kit is unique because the malvertising component of the attack doesn’t target browsers, rather a victim’s router.
Some of the vulnerable routers include specific models made by D-Link, Netgear and those that serve the SOHO market such as Pirelli and Comtrend, according to Proofpoint which published its research Tuesday. Owners of routers vulnerable to DNSChanger are urged to update their equipment’s firmware.
The router vulnerability exploited by DNSChanger is not to be confused vulnerabilities found in Netgear routers last week that could allow an attack to gain root access to devices remotely.