Forum Discussion

Smilezjp
New Contributor
7 years ago

Arris Modem Widespread Malware Attack DNS poisoning!!

There is definitely something going on with internet service. Apparently Arris Modem/Router has a critical backdoor that hasn't been patched. Last month my entire network was compromised. DNS traffic was being redirected to malicious servers. This was very well done, I think I may have been infected for at least 2 months. The attack was stealthy.

Symptoms

Empty folders 

Timestamp manipulation

Hides malicious applications, in random folders, and alters timestamp to make it hard to detect early on.

Controls the clicks of computer mouse.

Keylogger

Downloads fake certificates

Task manager had tons of .exe processes

Updates legit software with malicious script

Screenshots, video capture. 

System restore or installing Windows 10 will try and make it look like a fresh install but really it's fake, made to look just like the real thing.

Then came the botnet activity and Denial of Service, and then my router was destroyed.

Even after I unplugged my computer from the network, they were still able to have some control.

Any devices that were connected to the network will be affected.

Internet would disconnect 

Hacker has replaced my network connection with a different network that was redirecting my connection to the hacker's server.

So I was given a new router and a new IP address, and I tested it on a different computer that was unaffected, and I monitored for about a week. Then I started noticing suspicious activity: Devices Management installed 10 different types of network adapters. Then the IP address changed and DNS traffic was being spoofed again.

Cox Customer Service and Technicians don't see a problem.

According to them the routers are very secure and there isn't a backdoor lol. There is an entire article about Arris routers.

Anybody with a similar experience!!!!
