Attackers serve their own ads by hijacking Google Analytics
Attackers change the DNS settings of a router via javascript, in order to serve advertisements on other websites. This is according to research by Ara Labs. Attackers use Google Analytics code to serve the ads.
The hack, whose scope is unknown, roughly consists of two stages, explains Ara Labs. First, attackers must change the dns settings of a potential victim’s router so that the router uses the attackers’ dns server. To this end, attackers try to change the router settings via an exploit kit and using javascript. To do this, they exploit a vulnerability in the router, or try default usernames and passwords.
Then attackers intercept requests to Google Analytics servers. In addition, the javascript code of Google Analytics is used to serve its own javascript code, which takes care of advertisements. This allows the attackers to inject their own ads on all websites that have Google Analytics, including pornography ads.
Users can defend themselves against the attack by completely patching their router software, and not using standard usernames and passwords, AraLabs said.