8 December 2008, 13:28

Evolving DNS malware

Symantec researchers have reported finding a variation on the old DNSChanger trojan that installs a rogue DHCP server simulation on local networks. This means that even uninfected machines on the network can get re-directed to malicious servers.

DNSChanger has been present in the wild for some time and was originally designed to change local DNS servers in the operating system. Both Windows and Mac OS machine were vulnerable. The next step was to changing DNS server settings in ADSL routers. The rogue DHCP server version is the latest mutation.

The exact mechanism used by this malware is explained in an Internet Storm Centre blog. Symantec assign a – Risk Level 1: Very Low – to this infection.

See also:

Trojan.Flush.M, Symantec report
DNSChanger Trojans v4.0, McAfee report on DNSChanger

(trk)

Add your comment

« previous | next »

Print version | Send by email

Share this article

Evolving DNS malware

Kernel Log: Linux 2.6.34 goes into testing

Happenings: FOSS at CeBIT 2010

Of Android and the Fear of Fragmentation

The H Update Check

Kernel Log: Stable kernels analysed, Linux without firmware, new graphics drivers

What's new in Linux 2.6.33

Keeping the Web open and mobile

SSL for free - step by step

Testing email with encryption

Shortened-breaks

The H Security Conficker information site

KDE SC 4.4: Fresh breeze for KDE

Health Check: FreeBSD - "The unknown giant"

New life for dead software

Price Insight Top 10

The H

The H open source

The H Security

The H Internet Toolkit