Is my router infected? DNS settings affected

3

I see that when I browse on my mobile devices (phones, tablets) in my network, the browser gets redirected to malware/adware that says my device is damaged and I should repair it, install some software and blah blah.

I checked my router settings. Turns out that my DNS settings are changed. They are; Primary: 128.199.85.140 and Secondary: 8.8.8.8. All this while I have been using the "Automatic Assigned DNS" option which gives the ISP assigned DNS, which is automatically disabled now.. Even after enabling the "Enable Automatic Assigned DNS" option, the settings automatically revert back to the aforementioned IP addresses by disabling the "Enable Automatic Assigned DNS" option, after a while.

It's a DLink ADSL+Router. Here are the specs:

Software Version: IM_1.00

Software Date: Jun 11 2010

Bootloader (CFE) Version: before 1.0.37-5.12

soupybionics

Posted 2016-04-19T04:14:24.450

Reputation: 183

When you change it, how long does it take to change back? Also, can you find your ISPs DNS servers and put them in manually? – Michael Frank – 2016-04-19T04:27:24.737

Further more you can Report Abuse Here the Node is ran on Digital Ocean.

– NetworkKingPin – 2016-04-19T04:39:39.587

Answers

6

There have been vulnerabilities in d-link routers relating to DNS where the DNS settings can be changed remotely. These have been reported as recently as last year. So if your firmware really dates to 2010, then it is likely that it contains this vulnerability, and you should get updated firmware from D-Link.

Here is an article.

Paul

Posted 2016-04-19T04:14:24.450

Reputation: 52 173

Do a hard reset of the router then upgrade the firmware immediately. – Moab – 2016-04-19T16:38:19.223

Asked: 2016-04-19T04:14:24.450

Viewed: 208 times

Active: 2016-07-26T13:07:44.260