World's stealthiest rootkit pushes DNS hijacking trojan

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2011/11/14/tdss_drops_dns_changer/

By Dan Goodin
The Register
14th November 2011

One of the world's most advanced pieces of malware is being used to 
spread DNS Changer, a trojan at the heart of a massive click fraud 
scheme that has already hijacked 4 million PCs, security researchers 
said.

Just a few days after federal prosecutors in the US shuttered the 
international conspiracy, researchers from Dell SecureWorks said they 
discovered DNS Changer is being spread by TDSS. The rootkit, as 
previously reported, is among the hardest to detect and remove and is 
often used as a means to install keyloggers, tools for attacking 
websites, and other malware.

Once installed, DNS Changer is able to alter the DNS, or domain name 
system, settings that computers and routers use to find the IP numbers 
that correspond to domain names such as theregister.co.uk and 
google.com. By replacing legitimate DNS servers with servers under the 
control of the attackers, they are able to send victims to fraudulent 
websites instead of the destinations the victims intended to visit.

Last week, seven people from Estonia and Russia were criminally charged 
in a scam that for more than five years used DNS Charger to generate 
more than $14 million in profit. The racked up the windfall by 
redirecting victims to imposter websites that paid advertising fees to 
the attackers each time they were clicked on. The scheme preyed on users 
of computers running Microsoft Windows and Apple OS X operating systems. 
DNS Changer is also able to change DNS configuration settings in certain 
routers, particularly when they use default usernames and passwords.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn