Stealthy router-based botnet worm squirming

Tuesday, March 24th, 2009

Researchers at DroneBL have spotted signs of a stealthy router-based botnet worm targeting routers and DSL modems. The worm, called “psyb0t,” has been circulating since at least January this year, infecting vulnerable embedded Linux devices such as the Netcomm NB5 ADSL modem (above) and launching denial-of-service attacks on some Web sites. Some ...

DNSChanger 2.0

Sunday, December 21st, 2008

DNS Changer 2.0 (Trojan.Flush.M) is the next –in the wild- variant of this famous malware. Now the strategy has been changed, no need to modify the DNS settings on ADSL routers. Instead it will install a network driver (NDISProt.sys) which allows the malware to send/receive raw Ethernet packets. Such approach ...

Evolving DNS malware

Monday, December 8th, 2008

Symantec researchers have reported finding a variation on the old DNSChanger trojan that installs a rouge DHCP server simulation on local networks. This means that even uninfected machines on the network can get re-directed to malicious servers. DNSChanger has been present in the wild for some time and was originally designed ...

Demonstration Reveals Net Superattack to be Very, Very Real

Thursday, August 28th, 2008

A pair of security researchers recently demonstrated that a theoretical attack possible against the internet’s most embedded infrastructure can, in fact, be very real. The attack exploits normal behavior in the internet routing protocol BGP, which ISPs use to determine how best to route traffic destined for other parts of the ...

How to install an SSH Server in Windows Server 2008

Wednesday, July 23rd, 2008

SSH is the secure shell, a standard defined in RFC 4251. It is a network protocol that opens up a secure channel between two devices using TCP port 22. This channel can also be used for SFTP and SCP (secure FTP and secure copy, respectively). To make this work, you ...