A variant of the Zlob virus has emerged that can tweak DNS entries on standard commercial routers from an infected Windows PC. It uses a built-in list of standard router usernames and passwords. Successful attacks have already been observed on Linksys BEFSX41 routers and a Buffalo router using DD-WRT open source firmware.
Attackers can then redirect all internet traffic to their own servers. For the criminals, the advantage to manipulating a router is that it is more difficult for normal users to detect than an attack against a PC. The virus makes its way onto the computer by posing as a video codec, palmed off on users by malicious web sites.