- http://www.themalaysianinsider.com/
- http://www.thestar.com.my/
- www.adcash.com
- down.mobimobcell.com
- cldlr.com
- 93902.api-05.com
- LookerPlusMat.apk
All non-HTTPS websites are affected.
Yes, the adware is on my iPhone, one of the safest devices in the world, with adware.
What I suspected:
- I first thought The Malaysian Insider was spreading some malware. I even reported it to their administrator.
- I then noticed it only happened on my Wi-Fi, my home network on Time fiber. I had no problem with my Maxis LTE. I tried my wife's iPhone 5s on Wi-Fi - same problem. Now, it's gotta be the ISP. I called, but they said it was not their problem.
- I kept trying until I found The Moon:
What is The Moon malware?
The Moon malware bypasses authentication on the router by logging in without actually knowing the admin credentials. Once infected, the router starts flooding the network with ports 80 and 8080 outbound traffic, resulting in heavy data activity. This can be manifested as having unusually slow Internet connectivity on all devices.
I followed what was suggested in the KB: link, but the issue persisted. I noticed it only happened on non-HTTPS websites. It only affected HTTP, and only on my iOS devices. My desktop IE and Firefox were alright.
To cut a long story short, the culprit:
I know it was my router (Linksys E1200 V2) with the latest firmware 2.0.06, once I checked and found the suspicious static DNS in my router:
A quick Google search on 104.131.237.53 and I found this link. Finally, I have nailed the culprit. I do not know how, but some websites have remotely updated the static DNS in my router without me knowing. I have changed them to Google public DNS, 8.8.8.8 and 8.8.4.4, and my problem is solved!
I hope this post will help others with similar issues.