Wednesday, June 11, 2008

New Malware Silently Changes Router Settings

Hat tip to Brian Krebs's Security Fix blog in the Washington Post for pointing out a new malware variant with a new twist: It changes the DNS settings on your router so that all of your traffic goes through malicious DNS servers controlled by the attackers.

The malware, a variant of the "Zlob" Trojan, also known as DNSChanger, rang a bell with me. That's because an earlier variant of this malware did the same thing with the system DNS. Switching to the network DNS is not quite a revolutionary move, but it is a powerful upgrade of technique.

According to Krebs, who consulted with Sunbelt Software, the attack relies on the routers having default usernames and passwords for the admin pages, and on standard file names for those pages. Users who take the wise precaution of changing the router password are not vulnerable to this aspect of the Trojan.