您的路由器是想要免费卸载您的 WiFi( freeload off your WiFi)连接或渗透您的网络的黑客的主要目标。如果它受到威胁,他们可以将您的个人或企业互联网请求重定向到受恶意软件感染的服务器。
但是,大多数人没有意识到路由器被黑客入侵( hacked)所带来的问题的严重性。制造商也在批量生产不同的设备,并且不费心更新它们,这使它们容易受到攻击。事实上,网络犯罪分子利用这一点来攻击许多路由器。
路由器恶意软件攻击的最新示例是VPNFilter 威胁( VPNFilter threat)。在大规模恶意软件攻击危及全球数千台WiFi路由器和联网设备之后,FBI 向家庭和小型办公室所有者发出紧急请求( FBI issued an urgent request),要求他们重启路由器,以阻止大规模恶意软件攻击。
此类恶意软件构成的威胁包括使路由器无法运行、阻止网络流量以及收集通过路由器的信息。您可能会丢失敏感或机密信息和数据,这可能会给您或您的企业带来巨大的问题。
显然,没有人愿意陷入这种情况,这就是为什么我们整理了本指南,介绍如何检查路由器是否存在恶意软件以及如何使其更难被黑客入侵( harder to hack)。
表明您的路由器感染了恶意软件的迹象(Malware)
如果您怀疑您的路由器出现问题,有一些常见的迹象表明可能存在黑客攻击或恶意软件攻击。要检查的危险信号包括:
- 计算机运行速度比平时慢。
- 互联网(Internet)搜索重新定位到陌生网站。
- 赎金请求消息(Ransom request messages)要求支付一笔钱以换取解锁您的数据。
- 在线帐户密码无效。
- 您的网上银行账户中缺少一些资金。
- 计算机程序随机崩溃。
- (New)您不认识的新工具栏名称出现在您的网络浏览器上。
- 屏幕上会出现几个带有虚假防病毒消息的弹出窗口。
- 新(New)软件意外安装在您的计算机上。
您的路由器已被入侵的一个主要迹象是其DNS 服务器( DNS server)。攻击者“劫持”您路由器的DNS,试图在未经您同意的情况下对其进行修改。这个想法是控制、监控和重定向您的互联网流量到网络钓鱼( phishing)站点。
例如,如果您通过连接到路由器的设备连接到您的网上银行帐户,您将被重定向到虚假版本的银行网站。如果您足够警觉,您甚至可能会注意到此类恶意网站没有HTTPS加密。从网络钓鱼站点,攻击者可以在您不知情的情况下访问您的银行会话并取出资金。
如果您的路由器的DNS被劫持,请注意以下事项:
- (Inappropriate)当您浏览通常访问的页面时,您的屏幕上会出现色情广告等不当广告。这些广告也可以修改以欺骗您。
- 您会收到警告或通知,表明您的计算机可能存在问题。
- 您的浏览器会从网上银行网站和社交媒体等热门网页重定向到虚假版本的网站。这些网络钓鱼网站会收集您的个人信息、登录凭据,有时甚至会收集您的银行凭据和信用卡信息。
如果您仍然不确定您的路由器是否有恶意软件或被黑客入侵,您可以使用F-Secure Router checker。这是一个简单的在线工具,可以快速检查路由器的健康状况,以发现潜在的恶意软件威胁和漏洞。虽然它不是最彻底的工具,但在检查您的路由器是否被感染时,它是一个很好的起点。
如果您的路由器感染(Router Is Infected)了恶意软件怎么办(Malware)
如果您发现您的路由器存在恶意软件,请采取以下一些简单步骤来最大程度地减少损害。
备份您的数据和文件(Backup Your Data And Files)
在尝试修复您的计算机或删除恶意软件之前,请将您的数据和文件备份到云存储(cloud storage)服务或外部硬盘驱动器。
以安全模式重新启动计算机(Restart Your Computer In Safe Mode)
如果您收到虚假的防病毒消息并怀疑您的路由器有恶意软件,请关闭您的计算机并以安全模式重新启动以卸载任何可疑软件。
完成后,以常规模式重新启动并检查消息是否消失,然后再次扫描您的计算机以找出任何剩余的恶意软件威胁。
保护您的路由器并安装强大的防病毒软件(Secure Your Router And Install a Strong Antivirus)
这是您的第一道防线,因为它可以在线保护您的设备。创建一个强SSID(网络名称)和密码,然后打开路由器的防火墙。
如果您想格外小心,您还可以为您的家庭或企业获取VPN (虚拟专用网络)。(VPN)
更改您的密码(Change Your Passwords)
如果有帐户因路由器攻击而被黑客入侵,请立即请求重置密码并创建一个更强大的密码。您还可以使用双重身份验证来增加安全性。
在单击它们之前,请仔细查看电子邮件中的任何链接。如果您对多个帐户使用一个密码,也请更改它们。如果您无法为所有帐户管理不同的密码,安全密码管理器会派上用场。(password manager)
您可以采取的其他步骤包括:
- 启用WPA2 加密(WPA2 encryption),而不是原来的WAP或过时的WEP。
- 将您的路由器设置为隐身模式(Stealth Mode),使攻击者更难在网上找到它。
- 安装(Install)固件更新以保护您的路由器免受任何修补漏洞的影响。
- 关闭路由器中的UPnP。此设置可用于更改您的DNS服务器,因为它通常信任来自本地网络的所有请求。
- 提醒您的家人、朋友和同事不要接受虚假的电子邮件邀请、下载或社交媒体请求和消息。
最后的想法
一旦您检查了路由器是否存在恶意软件,并且发现上面提到的大多数迹象都存在,您需要对您的计算机进行消毒以使其恢复正常运行。
随时了解(Stay)路由器、恶意软件、黑客攻击和其他网络安全问题,以帮助保护您的设备免受未来风险的影响,并让您保持警觉和了解情况。通过这种方式,您可以做出有关保护路由器、计算机和移动设备的最佳决策。
How To Check Your Router For Malware
Your routеr is a prime tаrget for hackers who want to freeload off your WiFi connection or infiltrate your network. If it’s compromised, they can redirect your personal or business internet requests to malware-infected servers.
However, most people don’t realize the magnitude of the problems that come with a router that has been hacked. Manufacturers are also mass-producing different devices and don’t bother to update them, which leaves them open to attack. In fact, cybercriminals take advantage of this to attack many routers.
The most recent example of router malware attacks is the VPNFilter threat. Following the massive malware attack that compromised thousands of WiFi routers and networked devices worldwide, the FBI issued an urgent request to home and small office owners to reboot their routers in a bid to disrupt a massive malware attack.
Among the threats such malware poses include rendering routers inoperable, blocking network traffic, and collecting information passing through the routers. You could lose your sensitive or confidential information and data, which could cause a huge problem for you or your business.
Obviously, nobody wants to be in such a situation, which is why we’ve put together this guide on how to check your router for malware and what you can do to make it harder to hack.
Signs That Your Router Is Infected With Malware
If you suspect something is off with your router, there are some common telltale signs that indicate a possible hacking or malware attack. Among the red flags to check for include:
- Computer runs slower than usual.
- Internet searches readdressed to strange sites.
- Ransom request messages demanding a sum of money in exchange for unlocking your data.
- Online account passwords aren’t working.
- Some funds are missing from your online banking account.
- Computer programs crash randomly.
- New toolbar names that you don’t recognize appear on your web browser.
- Several popup windows with fake antivirus messages appear on your screen.
- New software installed unexpectedly on your computer.
One major sign that your router has been compromised is in its DNS server. Attackers “hijack” your router’s DNS seeking to modify them without your consent. The idea is to control, monitor and redirect your internet traffic to a phishing site.
For example, if you’re connecting to your online banking account through a device connected to your router, you’ll be redirected to a fake version of the banking site. If you’re alert enough, you may even notice that such malicious sites don’t have HTTPS encryption. From the phishing site, the attacker can access your banking session and take out money without your knowledge.
Here’s what to look out for if your router’s DNS has been hijacked:
- Inappropriate ads like porn ads and others appear on your screen while you’re browsing the usual pages you visit. These ads can also be modified to trick you.
- You get warnings or notifications that indicate possible problems with your computer.
- Your browser redirects from popular web pages like online banking sites and social media to fake versions of the sites. These phishing sites collect your personal information, login credentials, sometimes even your banking credentials and credit card information.
If you’re still not sure whether your router has malware or has been hacked, you can the F-Secure Router checker. It’s a simple online tool that quickly checks the health of your router for potential malware threats and vulnerabilities. Although it’s not the most thorough tool to use, it’s a good place to start when checking if your router is infected.
What To Do If Your Router Is Infected With Malware
If you discover your router has malware, here are some simple steps to take to minimize the damage.
Backup Your Data And Files
Before trying to fix your computer or remove malware, backup your data and files to a cloud storage service or to an external hard drive.
Restart Your Computer In Safe Mode
If you get a false antivirus message and suspect your router has malware, turn off your computer and restart it in safe mode to uninstall any suspicious software.
When you’re done, restart in regular mode and check if the messages are gone, and then scan your computer again to pick out any remaining malware threats.
Secure Your Router And Install a Strong Antivirus
This is your first line of defense as it protects your devices online. Create a strong SSID (network name) and password, and turn on your router’s firewall.
You can also get a VPN (virtual private network) for your home or business if you want to be extra cautious.
Change Your Passwords
If there are accounts that have been hacked as a result of the router attack, request a password reset immediately and create a stronger one. You can also use two-factor authentication for added security.
Look closely at any links in your emails before clicking on them. If you use one password for multiple accounts, change them too. A secure password manager comes in handy if you’re not able to manage different passwords for all your accounts.
Other steps you can take include:
- Enable WPA2 encryption instead of the original WAP or the outdated WEP.
- Set your router to Stealth Mode making it harder for attackers to find it online.
- Install firmware updates to protect your router from any patched flaws.
- Turn off UPnP in your router. This setting can be used to change your DNS server as it usually trusts all requests from your local network.
- Alert your family, friends and colleagues not to accept fake email invitations, downloads or social media requests and messages.
Final Thoughts
Once you’ve checked your router for malware, and you find most of the signs mentioned above are present, you need to disinfect your computer to restore it to normal functioning.
Stay informed about routers, malware, hacking and other cybersecurity issues to help protect your devices from future risks and keep you alert and informed. This way, you can make the best decisions about protecting your router, computer and mobile devices.