Evolving DNS malware

December 8, 2008 – 6:21 PM

Symantec researchers have reported finding a variation on the old DNSChanger trojan that installs a rouge DHCP server simulation on local networks. This means that even uninfected machines on the network can get re-directed to malicious servers.

DNSChanger has been present in the wild for some time and was originally designed to change local DNS servers in the operating system. Both Windows and Mac OS machine were vulnerable. The next step was to changing DNS server settings in ADSL routers. The rogue DHCP server version is the latest mutation.


You must be logged in to post a comment.