1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Trojan modifies routers' DNS

Discussion in 'Article Discussion' started by CardJoe, 18 Jun 2008.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,343
    Likes Received:
    292
  2. Amon

    Amon inch-perfect

    Joined:
    1 Jun 2007
    Posts:
    2,467
    Likes Received:
    2
    Clearly, this is a problem for those with shite routers.
     
  3. Glider

    Glider /dev/null

    Joined:
    2 Aug 2005
    Posts:
    4,173
    Likes Received:
    21
    Or real insecure setups
     
  4. taliban_raider

    taliban_raider Just some guy; you know

    Joined:
    28 Feb 2003
    Posts:
    773
    Likes Received:
    2
    or
    Admin
    Admin
     
  5. liratheal

    liratheal Sharing is Caring

    Joined:
    20 Nov 2005
    Posts:
    10,611
    Likes Received:
    714
    What are factory defaults?

    =P
     
  6. yuusou

    yuusou Well-Known Member

    Joined:
    5 Nov 2006
    Posts:
    1,951
    Likes Received:
    258
    DD-WRT <3
     
  7. DXR_13KE

    DXR_13KE BananaModder

    Joined:
    14 Sep 2005
    Posts:
    9,118
    Likes Received:
    363
    still vulnerable if you are an idiot and leave it as admin admin or something daft like that....
     
  8. Bluephoenix

    Bluephoenix Spoon? What spoon?

    Joined:
    3 Dec 2006
    Posts:
    968
    Likes Received:
    1
    these have actually been used on larger targets for much longer, since some corporations insist on not using customized settings in favor of shorter deployment time.

    its interesting though that its now being used for standard phishing scams rather than corporate espionage.
     
  9. Firehed

    Firehed Why not? I own a domain to match.

    Joined:
    15 Feb 2004
    Posts:
    12,574
    Likes Received:
    16
    No, it's a problem for those with shite habits (one of which being leaving the router password as default, and of course doing stupid things that get you trojans in the first place). There's no need for AV software if you don't act like a tool on your computer, no matter what OS you're using. Not so much for firewalls, but that's a separate issue.
     
  10. DannyDirect

    DannyDirect New Member

    Joined:
    23 Apr 2008
    Posts:
    21
    Likes Received:
    0
    This is why I have memorized a 12 character password which is consisted of totally random numbers, caps and letters. Even then, my router makes use of technologies to make it virtually invisible apart from the computer IP's which I assign to it.
    Noting is ever 100% secure, however, if you just take your time to actually setup your router and network properly with relevant security measures taken then it shouldn't be a problem.
     
  11. -EVRE-

    -EVRE- New Member

    Joined:
    12 May 2004
    Posts:
    372
    Likes Received:
    1
    I thought a router wouldnt respond to a login attempt from the wan side, only the lan side....?
     
  12. plagio

    plagio New Member

    Joined:
    26 May 2004
    Posts:
    147
    Likes Received:
    0
    Yeah, me too. Maybe this trojan first has to enter your PC.
     
  13. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,261
    Likes Received:
    1,724
    Bingo. It infects Windows PCs, then attacks whatever IP is assigned as the default gateway.
     
  14. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    I'm sorry to admit it, but I'm actually quite impressed by the devious ingenuity of this. Not that there's any excuse for this sort of thing mind.

    The clever part is that most people don't ever check their router's settings unless their internet connection disappears. This attack very effectively puts a man in the middle for every computer in the network, which can get there by infecting a single machine with a Trojan and which remains there even if the Trojan is removed or if the whole computer is removed.
     
  15. chrisb2e9

    chrisb2e9 Dont do that...

    Joined:
    18 Jun 2007
    Posts:
    4,056
    Likes Received:
    45
    so it infects your pc and then goes after the router, so if I run something like AVG i'm safe right?
    but that would have to be on every pc on the network, and if someone comes over to my house and I let them on my network and they have the trojan, then I'm in danger?
    right?
    or did I miss something.
    Once a router gets affected by this how would you know about it and how would you fix it?
     
  16. Tomm

    Tomm I also ride trials :¬)

    Joined:
    12 Apr 2004
    Posts:
    2,249
    Likes Received:
    0
    It is somewhat worrying that my PC (albeit via Firefox which is largely bulletproof) knows the passwords to my router login anyway... A 12 digit random password is no use if it's stored on your (infected) PC!
     
  17. Redbeaver

    Redbeaver The Other Red Meat

    Joined:
    15 Feb 2006
    Posts:
    2,056
    Likes Received:
    34
    not necessarily. some routers by default provide admin access from WAN as well. or remote-management firewall turned on by default. or zero firewall policies even. and to top it off, there are ways to spoof ur way into the router confusing WAN and LAN.

    oh there are ways.

    gotta love this one.

    or admin - 1234
    or admin - smc1234
    or admin - [blank]
    or administrator - [blank]

    list goes on and on...
     
  18. Redbeaver

    Redbeaver The Other Red Meat

    Joined:
    15 Feb 2006
    Posts:
    2,056
    Likes Received:
    34
    well once it succesfully infects ur router, it could care less if there's any trojan in any computer of the network.

    once the router's whacked, anything under the router's network will get some really bad domain name redirection.

    how would u kno about it? tough. i recommend just resetting ur router to factory default and/or update/refresh its firmware, THEN lock it down; such as giving it a tough password and turning off remote access from WAN n stuff...

    edit: actually, the trustedsource link there gives a couple good examples on how to test if ur infected or not :)
     
  19. Amon

    Amon inch-perfect

    Joined:
    1 Jun 2007
    Posts:
    2,467
    Likes Received:
    2
    My router password isn't even English.
     
  20. Veles

    Veles DUR HUR

    Joined:
    18 Nov 2005
    Posts:
    6,188
    Likes Received:
    34
    Wow, I just realised my router doesn't even have a login screen thingy
     
Tags: Add Tags

Share This Page