A variant of the DNSChanger Trojan targets routers. It alters the DNS settings of the router and points them to some rogue DNS servers in the Ukraine. Once infected, a router will redirect any domain name that is entered into the router. At this point the Trojan can only access a few different routers, but that is expected to change. The point of infection is a false ActiveX video codec.
How much potential does something like this have? Trusted Source gives a pretty good idea:
Please do note that this behavior is entirely controlled by the attackers’ DNS servers. These could even redirect existing domain names to servers hosting crafted content (Phishing) or servers dynamically modifying real content. Once your DNS settings are under control, the bad possibilities are nearly unlimited. And, even clean machines are affected once a previous infection on just one client behind the shared router successfully cracked the router login.
Scary, isn’t it? I mean you can always format a hard drive and reinstall an operating system, but a router doesn’t give a whole lot of options. Be careful with your ActiveX settings. [Trusted Source, CNET]
Related Posts :
Tags: router, scary, Security, Trojan-horse
3 responses
Jun 19, 2008 at 7:15 am
Good thing there are no Active X settings on my mac, huh?
Oct 24, 2008 at 10:56 am
Andreas, are you seriously thrilled that you are not compatible with 92%+ of desktop users? Being different is fine, but I like it when my toys work with everybody else’s other toys.
Oct 25, 2008 at 8:30 am
Oh, yes! I have no compatibility problems, and their toys work fine with mine, where it counts. Thankfully, viruses, worms, trojans and associate malware don’t work with my system. I am thrilled indeed.
Leave a Comment
From Around The Web