Browser hijacked? Random tabs created with ads? Think it’s malware? Think again

May 24th, 2014 | By | Category: Internet, Technology

So the past couple of weeks I’ve gone through a fun little experience that looked a lot like a malware infection that couldn’t be cleaned. I ran every tool in the book and nothing seemed to prevent these tabs from opening up in Chrome with links to these bullshit pages telling me to upgrade my Windows 7 drivers, or upgrade Flash, or whatever. Blatant phishing pages.

It wasn’t until the same thing started happening on our iPad that I realized this wasn’t a localized issue and that our DNS was probably hijacked. So I went into our router admin and sure enough the DNS was set to 50.30.37.164.

Lesson learned here is to keep that router firmware up to date, but better still is to install DD-WRT. If you’re going to be flashing your router, may as well stick something a bit more badass on there 🙂

For my E3200 the instructions were here: http://www.dd-wrt.com/wiki/index.php/Linksys_E3200
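A quick way to spot this from a client machine, as an added example that is not part of the original post: the script below pulls the DNS servers out of `ipconfig /all` or `resolv.conf` text and flags any public resolver that is not on your own allowlist. The allowlist contents and both sample inputs are assumptions constructed for illustration; only 50.30.37.164 comes from the post.

```python
import ipaddress
import re

# Assumption: the resolvers you mean to use. Google Public DNS is what the
# first commenter switched to; replace with your own provider's addresses.
TRUSTED = {"8.8.8.8", "8.8.4.4"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_resolvers(text):
    """Collect DNS server IPv4s from resolv.conf or `ipconfig /all` text."""
    found, in_dns_block = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("#"):
            continue
        if s.lower().startswith(("nameserver", "dns servers")):
            found += IPV4.findall(s)
            in_dns_block = s.lower().startswith("dns servers")
        elif in_dns_block and s and " : " not in line:
            found += IPV4.findall(s)  # ipconfig lists extra servers on bare lines
        else:
            in_dns_block = False
    return found

def audit(text, trusted=TRUSTED):
    """Map each resolver to 'trusted', 'local' or 'unexpected'."""
    verdicts = {}
    for ip in extract_resolvers(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # regex matched something like 999.1.1.1
        if ip in trusted:
            verdicts[ip] = "trusted"
        elif addr.is_private or addr.is_loopback:
            verdicts[ip] = "local"  # router or stub resolver: check its upstream
        else:
            verdicts[ip] = "unexpected"
    return verdicts

# Constructed sample of `ipconfig /all` output; 50.30.37.164 is the address from the post.
SAMPLE_IPCONFIG = """\
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 50.30.37.164
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_RESOLV = "# constructed resolv.conf\nnameserver 192.168.1.1\n"

if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE_IPCONFIG).items():
        print(ip, verdict)
```

A "local" verdict only means the client is asking the router; the router's own upstream DNS setting still has to be checked in its admin page, which is where the change was found in this case.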

2 Comments to “Browser hijacked? Random tabs created with ads? Think it’s malware? Think again”

  1. Nostra says:

    From the “Misery Loves Company” Department… I found your post during a Google search, due to the fact that my Linksys E3000 Router’s DNS settings were hijacked by the exact same DNS numbers you posted above. I’ve also been experiencing exactly the issues you reported above, which also led me to look at my Router settings, as that was the common denominator. So, it appears we both got hit by the same issue… but I’m still not sure HOW it happened.

    I found it to be interesting that both of us are using extremely similar Routers (Linksys E3000 & E3200), as well as the fact that this seems to have occurred within both our systems during a very similar time period. So, I did some additional research and found the following article, which indicates that we both may have been hit by “The Moon”!

    http://www.welivesecurity.com/2014/02/17/mysterious-moon-worm-spreads-into-many-linksys-routers-and-hunts-new-victims/

    I’ve since updated my Router’s DNS setting (using Google’s addresses) and all seems to be working fine again. I hope your system is now secure, as well, and that my feedback has helped shed some additional light on this issue.

  2. admin says:

    Thanks for stopping by and sharing your experience too. I think the best bet really is to get DD-WRT on there as it’s going to be more secure and updated more often. Either that or buy a whole new router altogether 🙂
