UkrTeleGroup

Malware Hoster depeered by upstream provider

by certifiedbug on February 2, 2009

in Internet Security

Report for AS44060 UkrTeleGroup Ltd, a Ukrainian Web Hosting company.

Brian Krebs, January 30, 2009 - The Washington Post.
Troubled Ukrainian Host Sidelined

Craig Schmugar, December 4, 2008 - Avertlabs Blog.
DNSChanger Trojans v4.0

Here’s a brief rundown of the main DNS-changing Trojan tactics used to date:

1. Modify Windows Hosts file to map specific domain names to specific IP addresses (McAfee classifies these Trojans as QHOSTS Trojans, more of a precursor to DNSChangers)
2. Modify Windows registry settings to reference specific (rogue) DNS servers [DNSChanger.f]
3. Create a scheduled task under Mac OS X to reference specific (rogue) DNS servers [OSX/Puper]
4. Exploit cross-site request forgery vulnerabilities in routers to overwrite the DNS server configuration offered to local area network clients [DNSChanger.f]

We’ve now seen a new tactic, which has the potential of impacting most devices on the local network–independent of the operating system or device (Windows, Linux, Internet-capable MP3 players, digital picture frames, refrigerators, you name it). The tactic involves serving the rogue DNS server configuration over DHCP, the protocol responsible for distributing dynamic IP addresses, as well as other information, including DNS settings.
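As an added, defender-side example that is not part of the original post or of either quoted source: a small Python audit that checks a host for the two artifacts described above, a hosts file that pins watched domain names to foreign addresses (tactic 1) and a DHCPOFFER whose option 6 hands out DNS servers other than the ones the network is supposed to use (the new DHCP tactic). Everything in it is constructed for the example: the DHCPOFFER bytes, the hosts-file lines, the watched domains, and the expected DNS and DHCP server addresses (RFC 5737 documentation ranges).

```python
import struct
import ipaddress

# DHCP option tags used below (RFC 2132)
DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 6, 53, 54, 255
DHCPOFFER = 2

# Constructed expectations: the DNS resolver and DHCP server this LAN should use.
EXPECTED_DNS = {"192.0.2.53"}
EXPECTED_DHCP_SERVER = "192.0.2.1"


def build_dhcp_offer(yiaddr, router, dns_servers, server_id, xid=0x3903F326):
    """Build a minimal DHCPOFFER (constructed sample, not a real capture)."""
    p = lambda ip: ipaddress.IPv4Address(ip).packed
    # Fixed 236-byte BOOTP header: op=2 (reply), htype=1 (Ethernet), hlen=6.
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         2, 1, 6, 0, xid, 0, 0,
                         b"\0" * 4, p(yiaddr), b"\0" * 4, b"\0" * 4,
                         b"\0" * 16, b"\0" * 64, b"\0" * 128)
    opts = bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
    opts += bytes([OPT_SERVER_ID, 4]) + p(server_id)
    opts += bytes([OPT_ROUTER, 4]) + p(router)
    dns = b"".join(p(d) for d in dns_servers)
    opts += bytes([OPT_DNS, len(dns)]) + dns + bytes([OPT_END])
    return header + DHCP_MAGIC_COOKIE + opts


def parse_dhcp_options(packet):
    """Return {tag: value} for the TLV options after the magic cookie."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (bad length or magic cookie)")
    opts, i = {}, 240
    while i < len(packet):
        tag = packet[i]
        if tag == OPT_END:
            break
        if tag == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[tag] = value
        i += 2 + length
    return opts


def ipv4_list(blob):
    if len(blob) % 4:
        raise ValueError("IPv4 list option has a length that is not a multiple of 4")
    return [str(ipaddress.IPv4Address(blob[k:k + 4])) for k in range(0, len(blob), 4)]


def audit_dhcp_offer(packet, expected_dns, expected_server_id):
    """Flag offers from an unknown DHCP server or carrying unexpected DNS servers."""
    opts = parse_dhcp_options(packet)
    findings = []
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return findings  # only DHCPOFFER messages are audited here
    server = ipv4_list(opts.get(OPT_SERVER_ID, b""))
    if server and server[0] != expected_server_id:
        findings.append(f"offer from unexpected DHCP server {server[0]}")
    for d in ipv4_list(opts.get(OPT_DNS, b"")):
        if d not in expected_dns:
            findings.append(f"rogue DNS server pushed via DHCP option 6: {d}")
    return findings


def audit_hosts_file(text, watched_domains):
    """Flag hosts-file lines that pin a watched domain (or subdomain) to a non-loopback address."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"line {lineno}: unparsable address {ip!r}")
            continue
        if addr.is_loopback:
            continue
        for n in names:
            host = n.lower()
            if host in watched_domains or any(host.endswith("." + w) for w in watched_domains):
                findings.append(f"line {lineno}: {n} pinned to {ip}")
    return findings


# Constructed samples: a legitimate offer, a rogue offer, and a tampered hosts file.
LEGIT_OFFER = build_dhcp_offer("192.0.2.77", "192.0.2.1", ["192.0.2.53"], "192.0.2.1")
ROGUE_OFFER = build_dhcp_offer("192.0.2.77", "192.0.2.1",
                               ["203.0.113.10", "203.0.113.11"], "192.0.2.200")
WATCHED_DOMAINS = {"example.com", "bank.example"}
SAMPLE_HOSTS = """127.0.0.1 localhost
::1 localhost
# constructed malicious entries below
203.0.113.45 www.bank.example bank.example
198.51.100.7 update.example.com
"""

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT_OFFER), ("rogue", ROGUE_OFFER)):
        print(name, audit_dhcp_offer(pkt, EXPECTED_DNS, EXPECTED_DHCP_SERVER))
    print("hosts", audit_hosts_file(SAMPLE_HOSTS, WATCHED_DOMAINS))
```

On a real network the offer bytes would come from a packet capture on UDP port 67/68; the point of the DHCP check is that a rogue server is only detectable by comparing what is offered against what the network is supposed to hand out, since the client side of the protocol accepts whichever offer arrives first.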
