DNSChanger causes network computers to visit fraudulent domains.
By Dan Goodin
As you read these words, malicious ads on legitimate websites are
targeting visitors with malware. But that malware doesn't infect their
computers, researchers said. Instead, it causes unsecured routers to
connect to fraudulent domains.
Using a technique known as steganography, the ads hide malicious code
in image data. The hidden code then redirects targets to webpages
hosting DNSChanger, an exploit kit that infects routers that run
unpatched firmware or are secured with weak administrative
passwords. Once a router is compromised, DNSChanger configures it to
use an attacker-controlled domain name system server. This causes most
computers on the network to visit fraudulent servers, rather than the
servers corresponding to their official domain.
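
One way to spot the DNS change described above from a computer behind the router is to compare the resolvers it was handed against the ones the network is expected to use. The following is an added example, not code from the article or the researchers; the resolv.conf-style input, the allowlist and every address in it are constructed assumptions.

```python
import ipaddress

# Constructed sample: resolver settings as a client might receive them from
# the router over DHCP (resolv.conf syntax, documentation address ranges).
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53   ; resolver nobody on this network configured
nameserver 2001:db8::53
nameserver not-an-ip
options edns0
"""

# Assumption: the resolvers this network is supposed to use.
EXPECTED_RESOLVERS = ["192.168.1.1/32", "2001:db8::/64"]


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, whether whole-line or trailing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(text, expected):
    """Sort configured resolvers into expected, unexpected and malformed."""
    nets = [ipaddress.ip_network(n) for n in expected]
    report = {"expected": [], "unexpected": [], "malformed": []}
    for value in parse_nameservers(text):
        try:
            # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
            addr = ipaddress.ip_address(value.split("%", 1)[0])
        except ValueError:
            report["malformed"].append(value)
            continue
        ok = any(addr.version == n.version and addr in n for n in nets)
        report["expected" if ok else "unexpected"].append(value)
    return report


if __name__ == "__main__":
    result = audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS)
    for kind, values in result.items():
        print(f"{kind}: {', '.join(values) or '-'}")
```

This only inspects what the client was given. A router that answers DNS itself and forwards queries upstream will still appear as the expected resolver, so its own DNS settings need to be checked in its administration interface as well.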