ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
A variant of the ZLob Trojan known as DNSChanger has been known to modify the
DNS servers on
your PC.  Thus you get directed to malicious web sites instead of the web site
you are
trying to get to.

Now there is a variant of the DNSChanger, installer ~300KB, that can use TCP
port 80 and a
dictionary of passwords to modify the DNS Server list on SOHO Routers.

http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router

I always update my anti-virus software regularly so I should be OK.

Thanks for the news anyway.

--
PC Slowing Down?  Hardware Problems?
http://andrewmcgovernonline.com/pcrepair /


Quoted text here. Click to load it
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
Quoted text here. Click to load it



Re: ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router

There are other exploits that do this as well. The best protection against
this is to use a strong password on your router.

--
Kerry Brown



Quoted text here. Click to load it


Re: ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router


| There are other exploits that do this as well. The best protection against
| this is to use a strong password on your router.
|

Yes.  There have been discussions about SOAP in conjunction with uPnP.  However
using uPnP
you may be able to bypass the TCP port 80 authentication.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router

Quoted text here. Click to load it


And turn off uPnP. I forgot about that. It's the first thing I do with
anything I set up that may have it enabled. If you can believe this
Microsoft wants uPnP turned on so they can automagically configure the
router with the still in beta SBS 2008. Trustworthy computing :-)

--
Kerry Brown




Site Timeline