Click here to get back home

ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.security.virus    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router David H. Lipman 06-13-2008
Posted by David H. Lipman on June 13, 2008, 5:50 pm
Please log in for more thread options
 A variant of the ZLob Trojan known as DNSChanger has been known to modify the
DNS servers on
your PC. Thus you get directed to malicious web sites instead of the web site
you are
trying to get to.

Now there is a variant of the DNSChanger, installer ~300KB, that can use TCP
port 80 and a
dictionary of passwords to modify the DNS Server list on SOHO Routers.

http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp




Posted by John Doe on June 14, 2008, 8:22 am
Please log in for more thread options
 Is there a fix for this yet?

>A variant of the ZLob Trojan known as DNSChanger has been known to modify
>the DNS servers on
> your PC. Thus you get directed to malicious web sites instead of the web
> site you are
> trying to get to.
>
> Now there is a variant of the DNSChanger, installer ~300KB, that can use
> TCP port 80 and a
> dictionary of passwords to modify the DNS Server list on SOHO Routers.
>
> http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
>
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
>



Posted by David H. Lipman on June 14, 2008, 8:29 am
Please log in for more thread options

| Is there a fix for this yet?
|

You would have to make sure your AV software is up-to-date. For this to happen,
a PC on the
LAN side of the Router would have to already be infected.

You would examine both the DNS Servers on the PC and on the Router. If they
don't show the
ISP DNS suggested servers but something like 85.255.x.y then you would have to
change the
Router back to the ISP suggested DNS servers. Then you should password protect
the Router
using a unique "strong" password.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by What's in a Name? on June 16, 2008, 3:12 pm
Please log in for more thread options

with this jewel:
>
>> Is there a fix for this yet?
>>
>
> You would have to make sure your AV software is up-to-date. For this
> to happen, a PC on the LAN side of the Router would have to already
> be infected.
>
> You would examine both the DNS Servers on the PC and on the Router.
> If they don't show the ISP DNS suggested servers but something like
> 85.255.x.y then you would have to change the Router back to the ISP
> suggested DNS servers. Then you should password protect the Router
> using a unique "strong" password.

Thanks for the heads-up David.
Changed my router's password to a "strong" one.

max
--
Virus Removal http://max.shplink.com/removal.html
I block all spam/googlegroupers-you can too!
http://improve-usenet.org/index.html
Change nomail.afraid.org to gmail.com to reply by email.



Similar ThreadsPosted
ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router June 13, 2008, 5:05 pm
Is anybody using Eset NOD32 on their servers? November 28, 2005, 10:22 am
Wierd Processes Running on Windows 2003 Servers July 16, 2006, 9:42 am
Need for firewall when machines are behind a NAT router ? December 1, 2005, 1:40 am
Re: Malware Attacking Your Router? June 20, 2008, 2:57 pm
Trojan June 24, 2005, 4:34 pm
Trojan August 2, 2005, 8:42 pm
Trojan August 19, 2005, 11:31 pm
trojan by icq November 4, 2005, 3:40 am
Trojan November 7, 2005, 12:45 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap