1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: DNS Changer Attack

Web Attack: DNS Changer Attack

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects malicious scripts in page that may perform CSRF attack to change the DNS server on victim's routers.

Additional Information

Attacker inject a website with javascript to automatically make request to router, possibly with default credential to change router's DNS setting.


  • Vulnerable routers that don't have CSRF token or misconfigured with weak password.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube