DNSChanger Trojan in the Wild

2008-06-17 11:08

Secure Computing researchers have discovered a new variant of the DNSChanger Trojan in the wild.

In their TrustedSource blog, the anti-malware team states "This variant conducts brute force attacks against the web interface of routers that use basic access authentication. DNSChanger is believed to be affiliated with the authors behind the large Zlob malware family. This latest trojan's aim is to gain access to routers in order to change its DNS settings to point to a host address supplied by the attackers. The devastating effect is that any DNS query coming from within that network passing through the cracked router is under control by the attackers - even users whose machines are not directly infected by DNSChanger itself might get malicious content injected when visiting their favorite web site."

The TrustedSource Anti-Malware team also wrote that while the current variant used a 'dictionary attack' to gain access, there is still a great risk to those users who do not change their router's factory default settings. "The Trojan tries one combination per approximately 100 milliseconds, which makes 600 combinations per minute."

You can read the entire TrustedSource blog post here.