Avoid CSRF Pharming Vulnerability and MOOSE Malware

The recently uncovered CSRF pharming vulnerability and MOOSE malware take advantage of home routers with weak credentials through a Web-based tool or malware. They aim to redirect traffic to malicious sites or create social media fraud.

What are the threats?

The CSRF pharming vulnerability uses a Web-based exploit kit designed to change the domain name system (DNS) settings of routers in order to redirect traffic to malicious sites, which can potentially result in data theft. The MOOSE malware targets Linux-based routers that use default passwords to create social media fraud.

What these two vulnerabilities share in common is that they both take advantage of routers with weak credentials, such as default or weak passwords, or those running on outdated firmware versions. They also target users who click on malicious sites or advertisements.

Is my Zyxel product at risk?

Recently published research on the CSRF pharming vulnerability claimed three Zyxel routers (see table 1) were affected. In response, Zyxel has tested and verified their status (also illustrated in table 1).

As mentioned, the threats take advantage of not only the routers, but also specific Internet browsing behaviors. Zyxel believes these threats can be avoided by taking a few simple steps.

What is Zyxel doing about it?

With new threats emerging every day, Zyxel continuously updates product firmware to incorporate the latest security patches and protections. We also urge users take some basic steps listed below to avoid similar threats in the future:

1. Change the default password on your routers and increase your password strength.
2. Update your firmware to the latest available version.
3. Make sure to log out from your administrator identity after every use.
4. Be alert for suspicious links, advertisements, or websites.

Please contact your local service or sales representative if you have any further questions.