If you own a MikroTik router, now's a good time to check if your software is up to date, as a mysterious attacker has been exploiting these devices to secretly eavesdrop on their internet traffic.

The hacker has been actively forwarding the network traffic from over 7,500 vulnerable MikroTik routers around the globe to servers under the attacker's control, according to security researchers at Qihoo 360's Netlab. Routers in dozens of countries, including Russia, Iran, Brazil and the US, have all been ensnared in the eavesdropping scheme.

However, Netlab is warning that the threat could expand since the hacker enabled the same data-forwarding protocol, called SOCKS4, in another 239,000 MikroTik routers.

It isn't clear for what purpose, but so far, the attacker appears to be harvesting FTP (File Transfer Protocol) data, in addition to messaging and email traffic over SMTP, POP3, and IMAP. Netlab researchers also noticed the scheme sniffing data related to a network management protocol that average consumers rarely use.

"It is hard to say what the attacker is up to with these many SOCKS4 proxies but we think this is something significant," Netlab said in its report.

To pull this off, the hacker has been exploiting a known vulnerability in the vendor's RouterOS software that allows for remote administrative access to the device.