
ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router

Posted by David H. Lipman on June 13, 2008, 5:05 pm
A variant of the ZLob Trojan known as DNSChanger has been known to modify the DNS servers on your PC. Thus you get directed to malicious web sites instead of the web site you are trying to get to.

Now there is a variant of the DNSChanger, installer ~300KB, that can use TCP port 80 and a dictionary of passwords to modify the DNS Server list on SOHO Routers.

http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
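
A host-side check for the DNS change described in the post above, as an added example that is not part of the original thread: it parses Windows `ipconfig /all` output and reports DNS servers that are neither on an expected list nor the adapter's default gateway. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
# Constructed sample of Windows `ipconfig /all` output (not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54

Wireless LAN adapter Wireless Network Connection:
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
# "   Field Name . . . . : value" lines inside an adapter section.
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 ]*?)[ .]*:\s*(.*)$")
WANTED = {"dns servers": "dns", "default gateway": "gateway"}

def to_ip(text):
    """Return text as an IP address object, or None if it is not one."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def parse_adapters(output):
    """Map adapter name -> {'gateway': [...], 'dns': [...]} of IP objects."""
    adapters, current, field = {}, None, None
    for line in output.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {"gateway": [], "dns": []})
            field = None
            continue
        if current is None or not line.strip():
            continue
        addr = to_ip(line)  # a bare address continues the previous field
        m = None if addr else FIELD.match(line)
        if m:
            field = WANTED.get(m.group(1).lower())
            addr = to_ip(m.group(2))
        if field and addr:
            current[field].append(addr)
    return adapters

def audit(output, allowed):
    """Return (adapter, server) pairs whose DNS server is unexpected."""
    ok = {ipaddress.ip_address(a) for a in allowed}
    # A resolver equal to the gateway is the router forwarding DNS: not flagged here.
    return [(name, str(s)) for name, cfg in parse_adapters(output).items()
            for s in cfg["dns"] if s not in ok and s not in cfg["gateway"]]
```

When the only resolver is the gateway, the PC looks clean even if the router's DNS list was changed, so the router's own DNS settings still have to be checked in its admin interface.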



Posted by Andrew McGovern on June 13, 2008, 5:08 pm
I always update my anti-virus software regularly so I should be OK.

Thanks for the news anyway.

--
PC Slowing Down? Hardware Problems?
http://andrewmcgovernonline.com/pcrepair/


> A variant of the ZLob Trojan known as DNSChanger has been known to modify the DNS servers on
> your PC. Thus you get directed to malicious web sites instead of the web site you are
> trying to get to.
>
> Now there is a variant of the DNSChanger, installer ~300KB, that can use TCP port 80 and a
> dictionary of passwords to modify the DNS Server list on SOHO Routers.
>
> http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
> http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Kerry Brown on June 13, 2008, 6:44 pm
There are other exploits that do this as well. The best protection against
this is to use a strong password on your router.

--
Kerry Brown



> I always update my anti-virus software regularly so I should be OK.
>
> Thanks for the news anyway.
>
> --
> PC Slowing Down? Hardware Problems?
> http://andrewmcgovernonline.com/pcrepair/
>
>> A variant of the ZLob Trojan known as DNSChanger has been known to modify the DNS servers on
>> your PC. Thus you get directed to malicious web sites instead of the web site you are
>> trying to get to.
>>
>> Now there is a variant of the DNSChanger, installer ~300KB, that can use TCP port 80 and a
>> dictionary of passwords to modify the DNS Server list on SOHO Routers.
>>
>> http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
>> http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Posted by David H. Lipman on June 13, 2008, 8:14 pm

| There are other exploits that do this as well. The best protection against
| this is to use a strong password on your router.
|

Yes. There have been discussions about SOAP in conjunction with uPnP. However using uPnP you may be able to bypass the TCP port 80 authentication.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Kerry Brown on June 14, 2008, 12:06 am
> | There are other exploits that do this as well. The best protection against
> | this is to use a strong password on your router.
> |
>
> Yes. There have been discussions about SOAP in conjunction with uPnP. However using uPnP
> you may be able to bypass the TCP port 80 authentication.


And turn off uPnP. I forgot about that. It's the first thing I do with anything I set up that may have it enabled. If you can believe this, Microsoft wants uPnP turned on so they can automagically configure the router with the still-in-beta SBS 2008. Trustworthy computing :-)

--
Kerry Brown



