A new variant of router malware has been uncovered that injects unwarranted ads and pornography into websites by modifying the router's DNS settings.

The malware can hijack nearly every website on the internet, but it is being mostly used to peddle porn sites.

Uncovered by Ara Labs, the router malware intercepts the Google Analytics code found in most websites, redirecting requests to the attacker's server that sends back ads and porn in response.

Since so many websites use Google Analytics for traffic statistics, it becomes the perfect target for this sort of DNS attack.

It can be quite a lucrative business if the hackers can infect a large number of routers.

The hackers install the malware by exploiting the fact that many people don't change their router's default login credentials. It attempts to send unauthenticated configuration requests to routers.

Ara Labs didn't specify what routers are affected, but keeping your router's firmware up to date and changing the default login credentials pretty much protects the system.

Traditional anti-virus software won't pick up router-based malware, as no component of the malware is actually installed on your PC.

(Picture thanks to https://privacycanada.net).