Customers of British ISP AAISP have been hit by a pharming attack: one that modifies the DNS settings in their routers and directs them to websites controlled by an attacker. It turns out that this attack was part of the larger one being reported by Team Cymru.
The most interesting part of this incident is the ISP’s reaction and its recommendation to customers. They suggested:
“To solve the problem we are suggesting that customers replace the router or speak to their local IT support.”
It seems ridiculous to suggest that someone needs a new router in this situation, but the unfortunate truth is that whenever such an attack happens and it’s not known how it was carried out, it’s difficult to trust anything. Simply resetting the router’s data may not be enough if the firmware has been tampered with. In such a case, the router may never be usable again.