Arris Modem Widespread Malware Attack DNS posioning!!
There is definitely something going on with internet service. Apparently Arris Modem/Router has a critical backdoor that hasn't been patched. Last month my entire network was compromised. DNS traffic was being redirected to malcious servers. This was very well done, I think I may have been infected for at least 2 months. The attack was stealth.
Symptoms
Empty folders
Timestamp manipulation
Hides malicious applications, in random folders, and alters timestamp to make it hard to detect early on.
Controls the clicks of computer mouse.
Keylogger
Downloads fake certificates
Task manager had tons of .exe processors
Updates legit software with malicious script
Screenshots, video capture.
System restore or installing Windows 10 will try and make it look like a fresh install but really it's fake, made to look just like the real thing.
Then came the botnet activity and, Denial of Service, and then my router was destroyed.
Even after I unplugged my computer from the network, they were still able have some control.
Any devices that were conected to the network will be affected
Internet would disconnect
Hacker has replaced my network connection with different network that was redirecting my connection to hacker server.
So I was given a new router new IP address, and I tested it on a different computer that was unaffected and I monitored for about a week. Then I start noticing suspicious activity Devices Managment installed 10 different type of Network adapters. Then IP address change and DNS traffic was being spoofed again.
Cox Customer Service and Technicians don't see a problem.
According to them the routers are very secured and there isn't a backdoor lol. There is an entire article about Arris routers.
Anybody with similar experience!!!!