Spam Campaign Exploits Router Security Flaws, Proofpoint Warns

Security specialist Proofpoint has provided another reason why users need to tighten up their passwords and overall security for their networking routers.

It comes after Avast warned home owners they need to realise their home router, and not the PC, is now potentially vulnerable to hackers.

Router Spam

Proofpoint’s warning is to do with spam emails that can use default passwords to hack routers. This attack is apparently an update to a focused phishing campaign that appeared in Brazil in September last year. Essentially, phishers send out spam that contains links, which when clicked, alters the settings on vulnerable routers.

“Over the course of four weeks, from December 2014 to mid-January 2015, Proofpoint researchers detected four distinct URLs distributed in a relatively narrow campaign of less than 100 email messages sent to a small number of organisations, and targeting primarily Brazilian users,” said Proofpoint in a blog posting.

Its internal analysis of the messages and links suggested the attacks were aimed at customers who owned UTStarcom and TP-Link home routers.

The Sunnyvale, California warned that these bogus spam emails were made to look like they were sent from Brazil’s largest telecommunications company, warning users about an unpaid bill. In reality however, the spam email contains links that would hack the homeowners router.

“In a clever twist, the attackers use the telco’s name as the lure in a phishing email intended to hack that same telco’s router equipment,” said the company.

The way those malicious links work is that they direct the user to a webpage designed to look like the telecom provider homepage. What then happens is that the bogus webpage contains code that sneakily attempts to execute a cross-site request forgery attack on known vulnerabilities in two types of routers.

“The pages attempt to call a variety of default or common IP addresses for home network routers (for example,, as well as known default passwords for these devices,” warned Proofpoint.

“In short, if the phishing email recipient clicks the link and the vulnerability is successfully exploited, any computer behind the hacked router (that is, anyone connecting wired or wirelessly to that router) would potentially have their computer query a malicious DNS server to lookup any hostname on the Internet,” said the company.

Router Security

Router security has become an increasingly important issue in recent years.

Last month, mobile operator EE admitted to a flaw in the Brightbox routers it provides to the home broadband customers that could allow a hacker to remotely access user’s account and personal information.

And research last month also revealed that the notorious hacking group Lizard Squad has been using unsecured home internet routers to power its LizardStresser service, which is used for DDoS (Distributed Denial of Service) attacks against certain targets.

What do you know about Internet security? Find out with our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

1 hour ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

2 hours ago

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

4 hours ago

French Music Service Deezer Slumps On Market Debut

Spotify and Apple Music competitor Deezer falls below opening price after long-delayed IPO in Paris…

4 hours ago

Foxconn Expects Stronger Sales In Spite Of Economic Gloom

iPhone manufacturer Foxconn revises full-year expectations upward amidst strong consumer and data centre demand, bucking…

6 hours ago

Samsung ‘To See Profits Jump’ On Data Centre Demand

Industry analysts expect Samsung's profits to jump 15 percent for the second quarter as strong…

6 hours ago