ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router

David H. Lipman

Guest

A variant of the ZLob Trojan known as DNSChanger has been known to modify the DNS servers on your PC. Thus you get directed to malicious web sites instead of the web site you are trying to get to.

Now there is a variant of the DNSChanger, installer ~300KB, that can use TCP port 80 and a dictionary of passwords to modify the DNS Server list on SOHO Routers.

http://www.trustedsource.org/blog/42/New-D...ks-into-routers

http://blog.washingtonpost.com/securityfix...s_wirele_1.html

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 
John Doe

Guest

Is there a fix for this yet?

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:epofv9ZzIHA.3496@TK2MSFTNGP03.phx.gbl...

> A variant of the ZLob Trojan known as DNSChanger has been known to modify the DNS servers on your PC. Thus you get directed to malicious web sites instead of the web site you are trying to get to.
>
> Now there is a variant of the DNSChanger, installer ~300KB, that can use TCP port 80 and a dictionary of passwords to modify the DNS Server list on SOHO Routers.
>
> http://www.trustedsource.org/blog/42/New-D...ks-into-routers
> http://blog.washingtonpost.com/securityfix...s_wirele_1.html
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 
David H. Lipman

Guest

From: "John Doe" <johndoe@microsoft.com>

| Is there a fix for this yet?

You would have to make sure your AV software is up-to-date. For this to happen, a PC on the LAN side of the Router would have to already be infected.

You would examine both the DNS Servers on the PC and on the Router. If they don't show the ISP DNS suggested servers but something like 85.255.x.y then you would have to change the Router back to the ISP suggested DNS servers. Then you should password protect the Router using a unique "strong" password.

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
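
Added example, not part of the thread or written by any poster: one way to script the PC-side check described in the reply above, by pulling the DNS servers out of `ipconfig /all` output and comparing them with the resolvers the ISP assigned. It assumes "85.255.x.y" means all of 85.255.0.0/16; the sample output, the 192.0.2.x "ISP" addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Assumption: "something like 85.255.x.y" is read here as all of 85.255.0.0/16.
SUSPECT_NET = ipaddress.ip_network("85.255.0.0/16")

# Constructed sample of `ipconfig /all` output; every address is made up.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.0.10
                                       192.0.2.53
   Lease Obtained. . . . . . . . . . : Monday, June 09, 2008 8:01:12 AM
"""

def dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            servers.append(line.strip())  # continuation line: address only
        else:
            in_dns = False
    return servers

def audit(servers, expected_servers):
    """Label each resolver 'suspect', 'ok' or 'unexpected'."""
    expected = {ipaddress.ip_address(s) for s in expected_servers}
    report = {}
    for s in servers:
        ip = ipaddress.ip_address(s.split("%")[0])  # drop any IPv6 zone id
        if ip in SUSPECT_NET:
            report[s] = "suspect"
        elif ip in expected:
            report[s] = "ok"
        else:
            report[s] = "unexpected"
    return report

if __name__ == "__main__":
    # 192.0.2.53/.54 stand in for the resolvers your ISP actually assigns.
    print(audit(dns_servers(SAMPLE_IPCONFIG), ["192.0.2.53", "192.0.2.54"]))
```

The router's own DNS setting still has to be read from its admin page and compared against the same list; if the PC uses the router as its resolver, add the router's LAN address to the expected list.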

 
What's in a Name?

Guest

In news:#VtEZphzIHA.5108@TK2MSFTNGP05.phx.gbl, David H. Lipman <DLipman~nospam~@Verizon.Net> after much thought, came up with this jewel:

> From: "John Doe" <johndoe@microsoft.com>
>
>> Is there a fix for this yet?
>
> You would have to make sure your AV software is up-to-date. For this to happen, a PC on the LAN side of the Router would have to already be infected.
>
> You would examine both the DNS Servers on the PC and on the Router. If they don't show the ISP DNS suggested servers but something like 85.255.x.y then you would have to change the Router back to the ISP suggested DNS servers. Then you should password protect the Router using a unique "strong" password.

Thanks for the heads-up David.

Changed my router's password to a "strong" one.

max

--

Virus Removal http://max.shplink.com/removal.html

I block all spam/googlegroupers-you can too!

http://improve-usenet.org/index.html

Change nomail.afraid.org to gmail.com to reply by email.

 