Fox Vox - by Barry Fox
20 August 2010

Barry Fox looks into a scary new PC virus that affects broadband modem routers and finds that the problem originates from Russia.

Do you want to hear something really scary? Then let me tell you about a virus that infects broadband modem routers.

Over the last year I have lost several weekends helping a family member get rid of a virus that redirects normal Google search results to incorrect websites, such as Maxnetfinder. Just before the wrong page appears there is a brief flash of a message identifying Clickr or Results5 as the rogue redirection tools. The issue is confused because redirection does not always happen: a few searches give the correct results, then redirection starts again. Anti-virus and anti-spyware programs - like the excellent free scan tool MalwareBytes - either find nothing or fix the problem only temporarily. For a few hours Google works normally; then the virus rises from its ashes and starts misdirecting again. So if a dealer cleans a customer's PC it may work when it leaves the shop, but the customer could be back on the doorstep the next day.

Recently I found the answer to why this is happening: the settings of the router have been infected.

Websites are identified to each other by a long computer number, the IP address, but they are also identified by human-friendly plain English names. We use the names and computers use the numbers. A Domain Name Server (DNS) converts numbers to names and vice versa. When installed on a broadband line, a modem and router will usually use the DNS chosen by the Internet Service Provider (ISP) or broadband provider, so the ISP/broadband provider is in control of how the PC finds websites.

When I checked the router of the infected PC, it was set to use a DNS at the unfamiliar IP addresses 21.3.109.67.109 and 213.109.73.170. So I used one of the free lookup services to check who owns these addresses. And guess what? They are both in Russia! So someone in Russia was controlling the results of Google searches.
Who knows which came first, the router infection or the PC infection. Who knows where the infection came from, or how long it had lain dormant to disguise its source. What matters is that changing the router DNS settings back to where they should have been, ensuring that the router admin password was not still set to the factory default, and checking that the router was not set to remember its own password, stopped the misdirections - hopefully permanently.

This kind of work, checking the customer's router as well as their PC, plus some additional checking of the PC's Network Properties TCP/IP settings, will be way over the heads of most customers. So it is good business for skilled dealers.

Barry Fox
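The two checks the column describes, the PC's TCP/IP DNS settings and the router's own upstream resolvers compared against the ISP's expected servers, as an added Python example that is not part of the original column. The `ipconfig /all` text, the router's resolver list and the trusted ranges are constructed (RFC 5737 documentation addresses stand in for real ISP and rogue servers), and the function names are mine; the point it shows is that the PC can look clean while the router behind it is pointed somewhere it should not be.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from the client PC. It points at the
# router (192.168.1.1), so the PC's own TCP/IP settings look clean.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.0.2.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
# Constructed: resolvers copied from the router's admin page (RFC 5737 documentation addresses).
ROUTER_UPSTREAM_DNS = ["198.51.100.23", "198.51.100.170"]
# Assumption: the ISP's published resolver range (192.0.2.0/24 here) plus the
# router's own LAN address, which a PC normally uses as its resolver.
TRUSTED_RESOLVERS = [ipaddress.ip_network("192.0.2.0/24"),
                     ipaddress.ip_network("192.168.1.1/32")]

def parse_dns_servers(ipconfig_text):
    """Return the addresses under 'DNS Servers'; extra resolvers follow on
    their own indented lines."""
    servers, in_dns_block = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_dns_block = True
            continue
        more = re.match(r"\s{20,}(\S+)\s*$", line) if in_dns_block else None
        if more:
            servers.append(more.group(1))
        else:
            in_dns_block = False
    return servers

def audit_dns_servers(servers, trusted=TRUSTED_RESOLVERS):
    """Split resolvers into (trusted, suspect). Malformed addresses and any
    outside every trusted network are suspect and should be reset."""
    ok, suspect = [], []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            suspect.append(server)
            continue
        (ok if any(addr in net for net in trusted) else suspect).append(server)
    return ok, suspect
```

Run `audit_dns_servers(parse_dns_servers(SAMPLE_IPCONFIG))` for the PC and `audit_dns_servers(ROUTER_UPSTREAM_DNS)` for the router; only the second returns suspects, which is exactly the situation the column describes.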