You’ve got to have your wits about you these days: scammers and hackers are everywhere. From the patently obvious email and Facebook scams to the invisible keyloggers and fake websites that steal your passwords and identities, it’s almost as if you can’t escape them. Even your router is hackable, and here we’ll explain what to look for and how to fix a router infected with malware.
First of all, it’s important to note that not many UK routers have been hacked. What typically happens is that cyber criminals use weak security to change your router’s settings – usually the DNS (Domain Name Servers). This can be dangerous since your router could then redirect your web browser to fake versions of websites. Since they look the same as sites you already know, you type in your username and password and hand your login straight to the hackers.
This is why it’s important to check in your browser that the site is the genuine article, especially if it’s your bank or any other financial institution. Such websites have https:// at the start of their address and your browser should also a padlock symbol. These aren’t guarantees, which is why it’s worth checking your router to make sure it’s using the correct DNS.
How to check your router’s DNS servers
You will need to log in to your router’s settings, which is accessed via a web browser. Here’s our guide on logging in even if you don’t know its IP address, username or password.
Every router is different, but you should check its menus for DNS servers. They are usually in the WAN, Broadband or Internet connection menu.
In most cases, it should be set to “Automatically obtain DNS server settings from ISP”. This means it will use the server addresses from your internet provider: BT, TalkTalk, Sky, Virgin or other supplier.
If it’s set to “Use the following” and numbers are present, check these using Google to find out if they are within the ranges allocated by your ISP. If they don’t match up, be suspicious. Note that you can’t simply enter the numbers into Google as it will try to open it as a website. Instead, include the name of your ISP, for example: “BT DNS 220.127.116.11”.
Either enter the correct DNS servers (there are usually two different addresses, a primary and a secondary, such as 18.104.22.168 and 22.214.171.124) or change the setting to automatically obtain the addresses, save the changes and reboot your router. (It should tell you it needs to reboot, and either do it automatically or ask you to click ok.)
How to rid your router of malware
We’ve already explained how to check your router is using the correct DNS settings, but if after a reboot or unplugging from the mains for a minute, your router is still reporting spurious DNS servers, it could be infected with malware.
The only way to remove this is to install the latest firmware from your router manufacturer. As before, every router is different, so you’ll have to look through its settings menus to find the option to upgrade the firmware.
And if your router is using the wrong DNS servers, it’s best to download the latest firmware using a different router, which probably means doing it at work or a friend’s house, unless you have an old router lying around.
Head to your router manufacturer’s website, look for a Support section and then search for your particular router model. This is always printed on a sticker somewhere on the router.
You’ll have to download the firmware to your hard disk or a USB stick. Then, back in the router’s menus, look for an Upgrade firmware option and direct the router to where your firmware file is saved. It might be possible to plug in a USB stick containing the firmware directly to the USB port on your router, but you’ll still need a laptop or PC to start the update process.
If your router won’t accept the file because of the malware, it might – in extreme cases – be necessary to replace the router with a new one.