News Trojan modifies routers' DNS

Discussion in 'Article Discussion' started by CardJoe, 18 Jun 2008.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
  2. Amon

    Amon inch-perfect

    Joined:
    1 Jun 2007
    Posts:
    2,467
    Likes Received:
    2
    Clearly, this is a problem for those with shite routers.
     
  3. Glider

    Glider /dev/null

    Joined:
    2 Aug 2005
    Posts:
    4,173
    Likes Received:
    21
    Or real insecure setups
     
  4. taliban_raider

    taliban_raider Just some guy; you know

    Joined:
    28 Feb 2003
    Posts:
    773
    Likes Received:
    2
    or
    Admin
    Admin
     
  5. liratheal

    liratheal Sharing is Caring

    Joined:
    20 Nov 2005
    Posts:
    12,858
    Likes Received:
    1,957
    What are factory defaults?

    =P
     
  6. yuusou

    yuusou Multimodder

    Joined:
    5 Nov 2006
    Posts:
    2,878
    Likes Received:
    955
    DD-WRT <3
     
  7. DXR_13KE

    DXR_13KE BananaModder

    Joined:
    14 Sep 2005
    Posts:
    9,139
    Likes Received:
    382
    still vulnerable if you are an idiot and leave it as admin admin or something daft like that....
     
  8. Bluephoenix

    Bluephoenix Spoon? What spoon?

    Joined:
    3 Dec 2006
    Posts:
    968
    Likes Received:
    1
    these have actually been used on larger targets for much longer, since some corporations insist on not using customized settings in favor of shorter deployment time.

    it's interesting though that it's now being used for standard phishing scams rather than corporate espionage.
     
  9. Firehed

    Firehed Why not? I own a domain to match.

    Joined:
    15 Feb 2004
    Posts:
    12,574
    Likes Received:
    16
    No, it's a problem for those with shite habits (one of which being leaving the router password as default, and of course doing stupid things that get you trojans in the first place). There's no need for AV software if you don't act like a tool on your computer, no matter what OS you're using. Not so much for firewalls, but that's a separate issue.
     
  10. DannyDirect

    DannyDirect What's a Dremel?

    Joined:
    23 Apr 2008
    Posts:
    21
    Likes Received:
    0
    This is why I have memorized a 12 character password which consists of totally random numbers, caps and letters. Even then, my router makes use of technologies to make it virtually invisible apart from the computer IPs which I assign to it.
    Nothing is ever 100% secure, however, if you just take your time to actually set up your router and network properly with relevant security measures taken then it shouldn't be a problem.
     
  11. -EVRE-

    -EVRE- What's a Dremel?

    Joined:
    12 May 2004
    Posts:
    372
    Likes Received:
    1
    I thought a router wouldn't respond to a login attempt from the wan side, only the lan side....?
     
  12. plagio

    plagio What's a Dremel?

    Joined:
    26 May 2004
    Posts:
    147
    Likes Received:
    0
    Yeah, me too. Maybe this trojan first has to enter your PC.
     
  13. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,132
    Likes Received:
    6,728
    Bingo. It infects Windows PCs, then attacks whatever IP is assigned as the default gateway.
     
  14. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    I'm sorry to admit it, but I'm actually quite impressed by the devious ingenuity of this. Not that there's any excuse for this sort of thing mind.

    The clever part is that most people don't ever check their router's settings unless their internet connection disappears. This attack very effectively puts a man in the middle for every computer in the network, which can get there by infecting a single machine with a Trojan and which remains there even if the Trojan is removed or if the whole computer is removed.
     
  15. chrisb2e9

    chrisb2e9 Dont do that...

    Joined:
    18 Jun 2007
    Posts:
    4,061
    Likes Received:
    46
    so it infects your pc and then goes after the router, so if I run something like AVG I'm safe right?
    but that would have to be on every pc on the network, and if someone comes over to my house and I let them on my network and they have the trojan, then I'm in danger?
    right?
    or did I miss something.
    Once a router gets affected by this how would you know about it and how would you fix it?
     
  16. Tomm

    Tomm I also ride trials :¬)

    Joined:
    12 Apr 2004
    Posts:
    2,249
    Likes Received:
    0
    It is somewhat worrying that my PC (albeit via Firefox which is largely bulletproof) knows the passwords to my router login anyway... A 12 digit random password is no use if it's stored on your (infected) PC!
     
  17. Redbeaver

    Redbeaver The Other Red Meat

    Joined:
    15 Feb 2006
    Posts:
    2,062
    Likes Received:
    36
    not necessarily. some routers by default provide admin access from WAN as well. or remote-management firewall turned on by default. or zero firewall policies even. and to top it off, there are ways to spoof ur way into the router confusing WAN and LAN.

    oh there are ways.

    gotta love this one.

    or admin - 1234
    or admin - smc1234
    or admin - [blank]
    or administrator - [blank]

    list goes on and on...
     
  18. Redbeaver

    Redbeaver The Other Red Meat

    Joined:
    15 Feb 2006
    Posts:
    2,062
    Likes Received:
    36
    well once it successfully infects ur router, it could care less if there's any trojan in any computer of the network.

    once the router's whacked, anything under the router's network will get some really bad domain name redirection.

    how would u kno about it? tough. i recommend just resetting ur router to factory default and/or update/refresh its firmware, THEN lock it down; such as giving it a tough password and turning off remote access from WAN n stuff...

    edit: actually, the trustedsource link there gives a couple good examples on how to test if ur infected or not :)
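
Added example, not part of the thread or any poster's words: one client-side check for the situation discussed above, where a router with altered DNS settings hands rogue resolvers to every machine on the LAN. It parses `ipconfig /all` text and reports DNS servers that are neither the default gateway nor on a list you trust; the sample output, addresses and function names are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
"""

def _ips(text):
    """Return every valid IPv4 address found in text, in order."""
    out = []
    for tok in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", text):
        try:
            out.append(str(ipaddress.IPv4Address(tok)))
        except ValueError:
            pass  # e.g. 999.1.1.1 is not an address
    return out

def parse_ipconfig(output):
    """Extract (gateways, dns_servers) from `ipconfig /all` text."""
    gateways, dns, field = [], [], None
    for line in output.splitlines():
        m = re.match(r"\s+([A-Za-z0-9 ]+?)[ .]* : ?(.*)$", line)
        if m:
            field, value = m.group(1).strip(), m.group(2)
        elif line.startswith(" " * 10) and field:
            value = line  # continuation line of the previous field
        else:
            field = None  # adapter header or blank line
            continue
        if field == "Default Gateway":
            gateways += _ips(value)
        elif field == "DNS Servers":
            dns += _ips(value)
    return gateways, dns

def unexpected_resolvers(output, trusted=()):
    """DNS servers that are neither the default gateway nor in `trusted`."""
    gateways, dns = parse_ipconfig(output)
    allowed = set(gateways) | {str(ipaddress.IPv4Address(t)) for t in trusted}
    return [ip for ip in dns if ip not in allowed]
```

A clean result does not clear the router: when the router proxies DNS itself, clients only ever see the gateway address, so the DNS servers on the router's own WAN or status page still need to be compared with what the ISP assigns.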
     
  19. Amon

    Amon inch-perfect

    Joined:
    1 Jun 2007
    Posts:
    2,467
    Likes Received:
    2
    My router password isn't even English.
     
  20. Veles

    Veles DUR HUR

    Joined:
    18 Nov 2005
    Posts:
    6,188
    Likes Received:
    34
    Wow, I just realised my router doesn't even have a login screen thingy
     