http://www.theregister.co.uk/2011/11/14/tdss_drops_dns_changer/ By Dan Goodin The Register 14th November 2011 One of the world's most advanced pieces of malware is being used to spread DNS Changer, a trojan at the heart of a massive click fraud scheme that has already hijacked 4 million PCs, security researchers said. Just a few days after federal prosecutors in the US shuttered the international conspiracy, researchers from Dell SecureWorks said they discovered DNS Changer is being spread by TDSS. The rootkit, as previously reported, is among the hardest to detect and remove and is often used as a means to install keyloggers, tools for attacking websites, and other malware. Once installed, DNS Changer is able to alter the DNS, or domain name system, settings that computers and routers use to find the IP numbers that correspond to domain names such as theregister.co.uk and google.com. By replacing legitimate DNS servers with servers under the control of the attackers, they are able to send victims to fraudulent websites instead of the destinations the victims intended to visit. Last week, seven people from Estonia and Russia were criminally charged in a scam that for more than five years used DNS Charger to generate more than $14 million in profit. The racked up the windfall by redirecting victims to imposter websites that paid advertising fees to the attackers each time they were clicked on. The scheme preyed on users of computers running Microsoft Windows and Apple OS X operating systems. DNS Changer is also able to change DNS configuration settings in certain routers, particularly when they use default usernames and passwords. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Mon Nov 14 2011 - 22:08:03 PST
This archive was generated by hypermail 2.2.0 : Mon Nov 14 2011 - 22:09:12 PST