A Digital Age Deserves A Digital Leader

Malware Silently Alters Wireless Router Settings-Story

Malware Silently Alters Wireless Router Settings-Story

Postby augie » Fri Jun 13, 2008 5:54 pm

A new Trojan horse masquerading as a video "codec" required to view content on certain Web sites tries to change key settings on the victim's Internet router so that all of the victim's Web traffic is routed through servers controlled by the attackers.

According to researchers contacted by Security Fix, recent versions of the ubiquitous "Zlob" Trojan (also known as DNSChanger) will check to see if the victim uses a wireless or wired hardware router. If so, it tries to guess the password needed to administer the router by consulting a built-in list of default router username/password combinations. If successful, the malware alters the victim's domain name system (DNS) records so that all future traffic passes through the attacker's network first. DNS can be thought of as the Internet's phone book, translating human-friendly names like example.com into numeric addresses that are easier for networking equipment to handle.

While researchers have long warned that threats against hardware routers could one day be incorporated into malicious software, this appears to be the first time this behavior has been spotted in malware released into the wild.

The type of functionality incorporated into this version of the Zlob Trojan is extremely concerning for a number of reasons. First, Zlob is among the most common type of Trojan downloaded onto Windows machines. According to Microsoft, the company's malicious software removal tool zapped some 14.3 million instances of Zlob-related malware from customer machines in the second half of 2007.

Washington Post
Everything that irritates us about others can lead us to an understanding of ourselves. -- Carl Jung

eVGA X58 tri-SLI, i7 930 @ 3.8GHz., Corsair 6GB Dominator, Inno3D GTX470, eVGA260
ASUS P8P67 Pro, i7 2600K @4.60 GHz, 8GB RAM, eVGA GTX 460
Community Director
User avatar
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Postby augie » Fri Jun 13, 2008 6:00 pm

This is for people who haven't changed their default username and password. I'm sure there will be other exploits on the way, either socially engineered or just by an inadvertent click. This would also be a good time to secure your wireless router from hitchhikers stealing your bandwidth.;)
Everything that irritates us about others can lead us to an understanding of ourselves. -- Carl Jung

eVGA X58 tri-SLI, i7 930 @ 3.8GHz., Corsair 6GB Dominator, Inno3D GTX470, eVGA260
ASUS P8P67 Pro, i7 2600K @4.60 GHz, 8GB RAM, eVGA GTX 460
Community Director
User avatar
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Postby mnemonicj » Fri Jun 13, 2008 7:37 pm

Bandwidth sharing is not a bad thing. I would share my bandwidth if I could limit the total bandwidth shared to 1 Mbps and have my Intranet inaccessible to outside users. Plus sharing bandwidth really has little to do with the password to change settings on the router, unless, of course, the router password is the default.
PRO Level 15
User avatar
Posts: 1066
Joined: Tue Aug 17, 2004 1:41 am
Location: Indianapolis, IN

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 2 guests

cron
cron