New DNSChanger Trojan variant targets routers

New variant of trojan changes DNS look-up settings on routers, putting any computer on the network at risk of being sent to malicious Web sites.

Secure Computing researchers have discovered a new variant of the DNSChanger Trojan in the wild that attacks routers, meaning any Web surfing computer on that network could be at risk of being redirected to a malicious Web site.

The DNSChanger Trojan changes the DNS settings to point to a host Web site address supplied by the attackers, Sven Krasser, director of data mining research at Secure Computing, said in an interview with CNET News.com on Tuesday.

"Your network is essentially reconfigured to do all the (domain) name resolutions over this malicious name server," he said.

The DNSChanger Trojan is able to access all the settings and functions on the router. It only knows about a few popular router Web interface URLs that it can use to change DNS settings at this time, but that is expected to change and more routers will be affected, according to a Secure Computing blog entry.

The Trojan is believed to be created by the creators of the family of malware called "Zlob," which masquerades as an ActiveX video codec.

A new variant of the DNSChanger Trojan attacks routers so that non-existing domain names are added by the malware. These rogue DNS servers, located in the Ukraine, resolve any domain name you provide and redirect to Web sites that look like the one in this screenshot. Secure Computing
About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Need a digital detox?

Not everything has to be shared on the Internet. Our experts at The Fix help you take control of what you share online.