In association with heise online

08 December 2008, 12:28

Evolving DNS malware

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec researchers have reported finding a variation on the old DNSChanger trojan that installs a rogue DHCP server simulation on local networks. This means that even uninfected machines on the network can get re-directed to malicious servers.

DNSChanger has been present in the wild for some time and was originally designed to change local DNS servers in the operating system. Both Windows and Mac OS machine were vulnerable. The next step was to changing DNS server settings in ADSL routers. The rogue DHCP server version is the latest mutation.

The exact mechanism used by this malware is explained in an Internet Storm Centre blog. Symantec assign a – Risk Level 1: Very Low – to this infection.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit