ZLob/DNSChanger Trojan now can modify DNS Servers in your SOHO Router

[Guest David H. Lipman]

A variant of the ZLob Trojan known as DNSChanger has been known to modify the DNS servers on

your PC. Thus you get directed to malicious web sites instead of the web site you are

trying to get to.

 

Now there is a variant of the DNSChanger, installer ~300KB, that can use TCP port 80 and a

dictionary of passwords to modify the DNS Server list on SOHO Routers.

 

http://www.trustedsource.org/blog/42/New-D...ks-into-routers

http://blog.washingtonpost.com/securityfix...s_wirele_1.html

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest John Doe]

Is there a fix for this yet?

 

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:epofv9ZzIHA.3496@TK2MSFTNGP03.phx.gbl...<span style="color:blue">

>A variant of the ZLob Trojan known as DNSChanger has been known to modify

>the DNS servers on

> your PC. Thus you get directed to malicious web sites instead of the web

> site you are

> trying to get to.

>

> Now there is a variant of the DNSChanger, installer ~300KB, that can use

> TCP port 80 and a

> dictionary of passwords to modify the DNS Server list on SOHO Routers.

>

> http://www.trustedsource.org/blog/42/New-D...ks-into-routers

> http://blog.washingtonpost.com/securityfix...s_wirele_1.html

>

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

>

> </span>

[Guest David H. Lipman]

From: "John Doe" <johndoe@microsoft.com>

 

| Is there a fix for this yet?

|

 

You would have to make sure your AV software is up-to-date. For this to happen, a PC on the

LAN side of the Router would have to already be infected.

 

You would examine both the DNS Servers on the PC and on the Router. If they don't show the

ISP DNS suggested servers but something like 85.255.x.y then you would have to change the

Router back to the ISP suggested DNS servers. Then you should password protect the Router

using a unique "strong" password.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest What's in a Name?]

In news:#VtEZphzIHA.5108@TK2MSFTNGP05.phx.gbl,

David H. Lipman <DLipman~nospam~@Verizon.Net> after much thought,came up

with this jewel:<span style="color:blue">

> From: "John Doe" <johndoe@microsoft.com>

><span style="color:green">

>> Is there a fix for this yet?

>></span>

>

> You would have to make sure your AV software is up-to-date. For this

> to happen, a PC on the LAN side of the Router would have to already

> be infected.

>

> You would examine both the DNS Servers on the PC and on the Router.

> If they don't show the ISP DNS suggested servers but something like

> 85.255.x.y then you would have to change the Router back to the ISP

> suggested DNS servers. Then you should password protect the Router

> using a unique "strong" password.</span>

 

Thanks for the heads-up David.

Changed my router's password to a "strong" one.

 

max

--

Virus Removal http://max.shplink.com/removal.html

I block all spam/googlegroupers-you can too!

http://improve-usenet.org/index.html

Change nomail.afraid.org to gmail.com to reply by email.