DNS Changer 2.0

XMACHINE

Dec 20, 2008, 3:19:40 PM
to Extreme-security
DNS Changer 2.0 (Trojan.Flush.M) is the next in-the-wild variant of
this famous malware. Now the strategy has been changed: there is no need
to modify the DNS settings on ADSL routers. Instead, it will install a
network driver (NDISProt.sys) which allows the malware to send/receive
raw Ethernet packets. Such an approach will help it bypass Windows
TCP/IP, FW and HIPS.

It installs a rogue DHCP server on the infected machine and listens
for DHCP requests and responds with its own crafted DHCP offer
packets. The reply contains malicious DNS servers, which will redirect
hosts to infected websites that include everything from phishing to
exploit-and-infect pages.

The question is how to protect and prevent such attacks.

Continue Reading ...

http://extremesecurity.blogspot.com/2008/12/dns-chanager-20.html