6 thoughts on “DNSChanger Worm uses DNS poisoning”

  1. DNS Changer 2.0 (Trojan.Flush.M) is the next –in the wild- variant of this famous malware. Now the strategy has been changed, no need to modify the DNS settings on ADSL routers. Instead it will install a network driver (NDISProt.sys) which allows the malware to send/receive raw Ethernet packets. Such approach will help it bypass Windows TCP/IP, FW and HIPS.

    It installs a rogue DHCP server on the infected machine and listens for DHCP requests and responds with its own crafted DHCP offer packets. The reply contains malicious DNS servers, which will redirect hosts to infected websites that include everything from phishing to exploit-and-infect pages.

    The question is how to protect and prevent such attacks.

    Continue Reading …

    http://extremesecurity.blogspot.com/2008/12/dns-chanager-20.html

  2. I do accept as true with all of the ideas you have offered on your post. They are really convincing and will certainly work. Still, the posts are very brief for starters. May you please lengthen them a little from subsequent time? Thank you for the post.

  3. I like the helpful info you supply in your articles. I will bookmark your weblog and take a look at once more here frequently. I’m somewhat certain I will learn plenty of new stuff proper right here! Best of luck for the next!

Leave a Reply

Your email address will not be published. Required fields are marked *