Friday, June 13, 2008

Routers DNS.Changer

A new version of DNSChanger trojan has been discovered. This time, the malware doesn't only affect the system DNS settings. It targets the router itself.

From a list of different routers URLs and a dictionary of default passwords, the malware brute force the web interface and hijacks DNS settings.


List of URL from various routers


Dictionary of default login:passwords


DNSChanger IP address in Ukraine

If the attack succeeds, all computers in the network using the router DNS settings are affected. The hijacked devise can redirects connections to a fake website.

See trustedsource.org and washingtonpost.com blogs.