ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router

[David H. Lipman]

A variant of the ZLob Trojan known as DNSChanger has been known to modify the DNS servers on
your PC. Thus you get directed to malicious web sites instead of the web site you are
trying to get to.

Now there is a variant of the DNSChanger, installer ~300KB, that can use TCP port 80 and a
dictionary of passwords to modify the DNS Server list on SOHO Routers.

http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 

[John Doe]

Is there a fix for this yet?

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:epofv9ZzIHA.3496@TK2MSFTNGP03.phx.gbl...
>A variant of the ZLob Trojan known as DNSChanger has been known to modify
>the DNS servers on
> your PC. Thus you get directed to malicious web sites instead of the web
> site you are
> trying to get to.
>
> Now there is a variant of the DNSChanger, installer ~300KB, that can use
> TCP port 80 and a
> dictionary of passwords to modify the DNS Server list on SOHO Routers.
>
> http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
> http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
>

 

[David H. Lipman]

From: "John Doe" <johndoe@microsoft.com>

| Is there a fix for this yet?
|

You would have to make sure your AV software is up-to-date. For this to happen, a PC on the
LAN side of the Router would have to already be infected.

You would examine both the DNS Servers on the PC and on the Router. If they don't show the
ISP DNS suggested servers but something like 85.255.x.y then you would have to change the
Router back to the ISP suggested DNS servers. Then you should password protect the Router
using a unique "strong" password.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 

[What's in a Name?]

In news:#VtEZphzIHA.5108@TK2MSFTNGP05.phx.gbl,
David H. Lipman <DLipman~nospam~@Verizon.Net> after much thought,came up
with this jewel:
> From: "John Doe" <johndoe@microsoft.com>
>
>> Is there a fix for this yet?
>>
>
> You would have to make sure your AV software is up-to-date. For this
> to happen, a PC on the LAN side of the Router would have to already
> be infected.
>
> You would examine both the DNS Servers on the PC and on the Router.
> If they don't show the ISP DNS suggested servers but something like
> 85.255.x.y then you would have to change the Router back to the ISP
> suggested DNS servers. Then you should password protect the Router
> using a unique "strong" password.

Thanks for the heads-up David.
Changed my router's password to a "strong" one.

max
--
Virus Removal http://max.shplink.com/removal.html
I block all spam/googlegroupers-you can too!
http://improve-usenet.org/index.html
Change nomail.afraid.org to gmail.com to reply by email.