Evolving DNS malware
Symantec researchers have reported finding a variation on the old DNSChanger trojan that installs a rogue DHCP server simulation on local networks. This means that even uninfected machines on the network can get re-directed to malicious servers.
DNSChanger has been present in the wild for some time and was originally designed to change the local DNS server settings in the operating system. Both Windows and Mac OS machines were vulnerable. The next step was to change DNS server settings in ADSL routers. The rogue DHCP server version is the latest mutation.
The exact mechanism used by this malware is explained in an Internet Storm Center blog. Symantec assigns this infection a rating of Risk Level 1: Very Low.
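One way to spot the rogue DHCP behaviour described above from captured DHCP replies, as an added example that is not taken from the Symantec or Internet Storm Center write-ups: it parses the options of a reply and flags a server identifier or DNS server outside a site allowlist. The allowlists, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)
OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID = 6, 53, 54

def parse_options(payload):
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def ips(raw):
    """Split an option value into dotted-quad strings, 4 bytes each."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - len(raw) % 4, 4)]

def check_reply(payload, allowed_servers, allowed_dns):
    """Return findings for one DHCP reply; an empty list means nothing unexpected."""
    opts = parse_options(payload)
    mtype = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    if payload[0] != 2 or mtype not in (2, 5):      # only BOOTREPLY carrying OFFER or ACK
        return []
    findings = []
    server = ips(opts.get(OPT_SERVER_ID, b""))
    if not server or server[0] not in allowed_servers:
        findings.append(f"unauthorized DHCP server {server[0] if server else 'unknown'}")
    for dns in ips(opts.get(OPT_DNS, b"")):
        if dns not in allowed_dns:
            findings.append(f"unexpected DNS server {dns}")
    return findings

def build_reply(msg_type, server_id, dns_list):
    """Constructed sample: minimal BOOTREPLY carrying options 53, 54 and 6."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    opts = bytes([53, 1, msg_type, 54, 4]) + pack(server_id)
    opts += bytes([6, 4 * len(dns_list)]) + b"".join(pack(d) for d in dns_list)
    return b"\x02\x01\x06\x00" + bytes(232) + MAGIC + opts + b"\xff"
```

Feed `check_reply` the UDP payload of traffic sent from port 67 to port 68; a reply is flagged even when the sending host itself looks healthy, which matters because the machines being redirected are not the infected ones.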
See also:
- Trojan.Flush.M, Symantec report
- DNSChanger Trojans v4.0, McAfee report on DNSChanger
(trk)