ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router

  • Thread starter Thread starter David H. Lipman
  • Start date Start date
D

David H. Lipman

A variant of the ZLob Trojan known as DNSChanger has been known to modify the DNS servers on
your PC. Thus you get directed to malicious web sites instead of the web site you are
trying to get to.

Now there is a variant of the DNSChanger, installer ~300KB, that can use TCP port 80 and a
dictionary of passwords to modify the DNS Server list on SOHO Routers.

http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
 
I always update my anti-virus software regularly so I should be OK.

Thanks for the news anyway.
 
There are other exploits that do this as well. The best protection against
this is to use a strong password on your router.
 
From: "Kerry Brown" <[email protected]*a*m>

| There are other exploits that do this as well. The best protection against
| this is to use a strong password on your router.
|

Yes. There have been discussions about SOAP in conjunction with uPnP. However using uPnP
you may be able to bypass the TCP port 80 authentication.
 
David H. Lipman said:
From: "Kerry Brown" <[email protected]*a*m>

| There are other exploits that do this as well. The best protection
against
| this is to use a strong password on your router.
|

Yes. There have been discussions about SOAP in conjunction with uPnP.
However using uPnP
you may be able to bypass the TCP port 80 authentication.
Click to expand...


And turn off uPnP. I forgot about that. It's the first thing I do with
anything I set up that may have it enabled. If you can believe this
Microsoft wants uPnP turned on so they can automagically configure the
router with the still in beta SBS 2008. Trustworthy computing :-)
 
Back
Top