New DNS trojan taints entire LAN from single box


  1. Posts : 18,404
    Windows 7 Ultimate x64 SP1
       #1



    Internet security experts are warning of a new rash of malware attacks that can hijack the security settings of a wide variety of devices on a local area network, even when they are hardened or don't run on Windows operating systems.

    Once activated, the trojan sets up a rogue DHCP, or dynamic host configuration protocol, server on the host machine. From there, other devices using the same LAN are tricked into using a malicious domain name system server, instead of the one set up by the network administrator. The rogue DNS server sends the devices to fraudulent websites that in many cases can be hard to identify as impostors.
    More: The Register
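The rogue DHCP behaviour described in the first post can be checked for in captured DHCP replies. The Python below is an added example, not part of the thread or the linked article: it parses DHCPOFFER/DHCPACK payloads and flags a server identifier (option 54) or DNS server (option 6) that is not on an allowlist. The addresses in AUTH_DHCP and AUTH_DNS and the build_reply sample packets are assumptions constructed for illustration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"                  # DHCP magic cookie (RFC 2131)
AUTH_DHCP = {"192.168.1.1"}                   # assumption: the LAN's only legitimate DHCP server
AUTH_DNS = {"192.168.1.1", "192.168.1.2"}     # assumption: resolvers the administrator hands out

def parse_options(payload):
    """Return {option_code: raw_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                       # End option
            break
        if code == 0:                         # Pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def audit_reply(payload):
    """Return findings for a DHCPOFFER/DHCPACK; an empty list means nothing flagged."""
    opts = parse_options(payload)
    if opts.get(53) not in (b"\x02", b"\x05"):    # 2 = OFFER, 5 = ACK
        return []
    findings = []
    server = socket.inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else "unknown"
    if server not in AUTH_DHCP:
        findings.append(f"unauthorized DHCP server {server}")
    dns = opts.get(6, b"")
    for j in range(0, len(dns) - len(dns) % 4, 4):
        ip = socket.inet_ntoa(dns[j:j + 4])
        if ip not in AUTH_DNS:
            findings.append(f"unapproved DNS server {ip} offered by {server}")
    return findings

def build_reply(msg_type, server_ip, dns_ips):
    """Construct a minimal sample DHCP reply (constructed test data, not captured traffic)."""
    hdr = bytes([2, 1, 6, 0]) + bytes(232)        # op=BOOTREPLY, remaining header zeroed
    dns = b"".join(socket.inet_aton(ip) for ip in dns_ips)
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip)
    return hdr + MAGIC + opts + bytes([6, len(dns)]) + dns + b"\xff"
```

Feed audit_reply the UDP payload of packets sent from port 67; on managed switches, DHCP snooping enforces the same allowlist at the port level.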


  2. Posts : 102
    Windows 7 x64 7229
       #2

    This can be prevented with ample security. No bruteforcer is going to get into my router. My hosts file is read only, and really, what are they going to do if they are able to change my DNS?


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    Copyright said:
    This can be prevented with ample security. No bruteforcer is going to get into my router. My hosts file is read only, and really, what are they going to do if they are able to change my DNS?
    A DNS changer 'hijack' will send you to their chosen server ... the computer will then be infected with malware (Bots come to mind here); possibly helping themselves to passwords and critical information on the infected machine. It's not uncommon at all anymore.


  4. Posts : 1,009
    Windows 7 RC 7100 32bit/64bit
       #4

    Copyright said:
    This can be prevented with ample security. No bruteforcer is going to get into my router. My hosts file is read only, and really, what are they going to do if they are able to change my DNS?
    Well, imagine you type e.g. google.com in the address bar, and instead, it opens 888.com or other malware-infecting websites... Even worse, without you knowing, it could just change the DNS to some hidden adv frames and instead of advertisements on the MSN messenger pane, you would have some very nice malicious files saved and doing their nasty job on your machine, probably Bots like Jacee said...

    This can be done by assigning you DNS servers which have wrong Name Resolutions.

    Although I doubt setting up a whole DHCP server would pass unnoticed...

    I had a client's laptop last week with manually assigned DNS entries from malware... pointing to some 83...87.. IP address, don't remember exactly.


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    Most likely 85.255.xxx.xx, something like that, limneos?

    Yep.... bad, bad stuff and it isn't getting better.

    Sometimes I just want to say, "wipe it all and do a clean install".


 
