Plusnet Customers’ DNS Problems

Reports from British ISP Plusnet say that many of their subscribers have been hit by an attack that modifies the DNS setting on their routers and directs them to phishing websites. A spokesman for the ISP said:

It appears that some of our customers (and no doubt a number of other people out on the internet) running TP-Link, Linksys and Edimax routers have been compromised due to a vulnerability which appears to allow the allocated DNS server in the router to be changed.

This means requests to domains like Facebook or Google are being redirected on ALL devices behind the router to a website which contains a malicious payload disguised as a Flash update.