Overclock.net › Forums › Industry News › Software News › [bitTech] Trojan modifies routers' DNS

[bitTech] Trojan modifies routers' DNS

post #1 of 7
Thread Starter 
Quote:
If you're still running your broadband router on its default settings, now would be a very good time to change.

CNet, citing an entry on SecureComputing's TrustedSource blog made last week, has highlighted a new variant of the DNSChanger trojan designed to target routers and change the addresses used for DNS resolution.

The Domain Name Service, or DNS, is the system by which plain-text names like bit-tech.net are converted to IP addresses like 91.198.165.67. A computer wishing to visit a website queries a central server, often hosted by your ISP, which contains a massive database of these translations in order to figure out where to go. By reconfiguring the router to point at compromised servers containing poisoned DNS records, a hacker is able to cause every host on that network to think it's visiting one site when it's actually browsing one under the cracker's control. You might think you're visiting your bank's website, but it's really a phishing system run by the attacker.

The trojan accomplishes the router reconfiguration by attempting a dictionary attack on the router's management interface. Shipping with a preconfigured list of default logins for common home and office routers, the trojan attempts a login on the default gateway IP for the infected host every hundred milliseconds. Although the malware only knows about a set number of common devices – the fact that each manufacturer tends towards its own, custom-built web interface rather than an industry standard is acting in the customers' favour for a change – that's no comfort if yours is on the list, nor does it preclude the release of a future variant with a more robust list of vulnerable systems.

While it's unlikely that tech-savvy bit-tech readers will be hit by this rather nasty bug – we all run virus scanners, or operating systems immune to such nasties, right? – it's a sobering reminder that leaving network-connected devices set to their factory defaults is a rather daft thing to be doing.

Source
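Two defender-side checks that follow from the quoted article: spotting a resolver that drifts away from the ones the network is supposed to use, and spotting the rapid-fire login guessing the article says the trojan performs against the router's admin page. This is an added example, not code from the article or the thread; the log format, allowlist and addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of what a router admin-interface log might record during a
# credential-guessing burst (roughly one attempt every 100 ms, as the article describes).
SAMPLE_ADMIN_LOG = """\
2008-06-10 12:00:00.000 src=192.168.1.23 user=admin result=FAIL
2008-06-10 12:00:00.100 src=192.168.1.23 user=admin result=FAIL
2008-06-10 12:00:00.200 src=192.168.1.23 user=root result=FAIL
2008-06-10 12:00:00.300 src=192.168.1.23 user=admin result=FAIL
2008-06-10 12:00:00.400 src=192.168.1.23 user=Admin result=FAIL
2008-06-10 12:00:00.500 src=192.168.1.23 user=admin result=OK
2008-06-10 12:05:00.000 src=192.168.1.50 user=admin result=OK
"""
LOG_RE = re.compile(r"^(\S+ \S+) src=(\S+) user=(\S+) result=(\S+)$")

def login_bursts(log_text, window=timedelta(seconds=1), threshold=4):
    """Return {src: max_attempts_in_window} for sources that made at least
    `threshold` login attempts inside any sliding `window` (a human cannot
    type a password every 100 ms; a dictionary-attack loop can)."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            by_src[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged

# Constructed allowlist: the LAN router itself and the ISP's resolver (documentation range).
EXPECTED_DNS = {"192.168.1.1", "203.0.113.53"}

def rogue_resolvers(configured, expected=EXPECTED_DNS):
    """Return any DNS server the host or router reports that is not on the allowlist;
    a non-empty result after a DHCP renew is the symptom the article describes."""
    return sorted(set(configured) - set(expected))
```

Run `login_bursts` over the router's real admin log and `rogue_resolvers` over the servers shown in the router's WAN/DHCP page or the host's resolver configuration; either returning anything non-empty is worth a look.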
post #2 of 7
Leaving any device on Factory login settings is just so silly. I have never left my routers on Default.
post #3 of 7
Reminds me of someone saying that the largest Wi-Fi hotspot is the one with SSID = linksys
post #4 of 7
I purposely leave my SSID as linksys so all the kiddies around my neighborhood try to "hax" me. Using a WEP key too; it's fun watching them sit in their car attempting to crack my key
post #5 of 7
I've never figured out how someone can crack an encryption key...and it's against the TOS to ask.

Good thing I never leave my routers with default settings

~Gooda~
post #6 of 7
You're asking for it if you leave your router on default anyways.
post #7 of 7
Quote:
Originally Posted by r34p3rex
I purposely leave my SSID as linksys so all the kiddies around my neighborhood try to "hax" me. Using a WEP key too; it's fun watching them sit in their car attempting to crack my key
You should go down there and bang on their window for fun.