News Blog

June 17, 2008 1:36 PM PDT

New DNSChanger Trojan variant targets routers

by Elinor Mills

Secure Computing researchers have discovered a new variant of the DNSChanger Trojan in the wild that attacks routers, meaning any Web-surfing computer on that network could be at risk of being redirected to a malicious Web site.

The DNSChanger Trojan changes the DNS settings to point to a host Web site address supplied by the attackers, Sven Krasser, director of data mining research at Secure Computing, said in an interview with CNET News.com on Tuesday.

"Your network is essentially reconfigured to do all the (domain) name resolutions over this malicious name server," he said.

The DNSChanger Trojan is able to access all the settings and functions on the router. It only knows about a few popular router Web interface URLs that it can use to change DNS settings at this time, but that is expected to change and more routers will be affected, according to a Secure Computing blog entry.

The Trojan is believed to have been created by the authors of the malware family called "Zlob," which masquerades as an ActiveX video codec.

A new variant of the DNSChanger Trojan attacks routers so that non-existing domain names are added by the malware. These rogue DNS servers, located in the Ukraine, resolve any domain name you provide and redirect to Web sites that look like the one in this screenshot.

(Credit: Secure Computing)

January 8, 2008 11:02 AM PST

First iPhone Trojan horse reported

by Robert Vamosi

Seen more as a prank than an actual threat, a Trojan horse for the Apple iPhone, first reported on Saturday, has already come and gone. Still, users should be on the lookout for a package called "iPhone firmware 1.1.3 prep," described as something you need to install before updating to the new 1.1.3 firmware. Billed as an "important system update," the code does little more than cause annoyance. According to various sources, once the Trojan is installed it simply displays the word "shoes."

However, the Trojan also overwrites several legitimate applications, including Erica's Utilities, Launcher, Doom, and OpenSSH, meaning that if you uninstall the Trojan, you will need to reinstall these applications later. This appears to be a consequence of poor programming.

The risk to iPhone users is now considered negligible since the host sites have all been taken down.

As antivirus vendor F-Secure concluded in its blog, "This time it was an 11-year-old kid playing with XML files who created the Trojan. Next time it might be someone else with more skills and with specific target."

Originally posted at Defense in Depth

July 10, 2007 12:46 PM PDT

Spammers defeat Captchas

by Robert Vamosi

According to security vendor BitDefender, spammers have defeated a system designed to differentiate humans from machines when registering new accounts online. Known as Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart), the system won't allow users to advance until distorted characters in a box are correctly entered. BitDefender says a new threat, Trojan.Spammer.HotLan.A, is using more than 15,000 automatically generated bogus Microsoft Hotmail accounts to spread and is registering 500 new accounts per hour, suggesting the Captcha system has been defeated.

BitDefender says the Trojan horse accesses one of the free Web mail accounts from Microsoft or Yahoo, pulls encrypted content from a Web site, decrypts the message (usually spam for a pharmaceutical product), then sends the e-mails to presumably valid addresses obtained from another Web site. Exactly how the Trojan is able to create the bogus Web mail accounts is not documented.

June 12, 2007 2:49 PM PDT

YouTube Trojan horse rides in on Web TV show's fame

by Robert Vamosi
(Credit: Trend Micro)

According to Trend Micro, a Trojan horse that downloads a certain YouTube video could compromise your computer. The video appears to be an episode of Afterworld, a Web TV series about a society where technology is dead. Security vendor Websense has also been tracking this Trojan horse and has traced the video to a .su domain, which was originally assigned to the former Soviet Union and still remains in use today.

The use of online media files to infect end users with malware is not new. A worm last October used a JavaScript flaw in Apple QuickTime to spread on MySpace. For this attack, Websense has produced, ironically, an informative YouTube video demonstrating what happens to your computer. This YouTube Trojan steals personal information from a compromised PC and then broadcasts it to an undisclosed location.
