DNS Trojan on the loose. . .


Kevin R. Smith

The cheeky folks at The Register bring us this news of a new Trojan DNS attack, DNSChanger, that can compromise multiple operating systems.

The upshot isn't that Mac and Linux/Unix users need to be worried per se, but that they should still be concerned if they're using DNS servers set by their DHCP provider. Why?

When you get your IP address from a third-party DHCP server, as is the case with most cable modems, DSL lines, and dial-ups, you rely on the DNS server settings passed down to your machine.

This is the case no matter what operating system you're running (unless you manually override these settings and hard code them). [N.B. This is trivial to do in Mac/Unix/Linux by editing /etc/hosts, but that's beyond the scope of this blog.]

So in any case, if a Windows machine is compromised, other machines sharing the same DHCP server as the compromised Windows machine can be attacked via settings given to them by the Windows machine that has fallen victim to the DNSChanger Trojan.

For the kids in the cheap seats and anyone else not paying attention, this means if you're using:

  1. a cable modem
  2. DSL
  3. dial-up
  4. corporate network using a DHCP server

YOU my dear reader are susceptible to this nasty bugger of a trojan. (You're also vulnerable if you're on another type of network we can't think of that assigns IP addresses and DNS settings via DHCP.)

For everyone out there, for the record, we do encourage you to hard code your DNS settings. (Look to your favorite search engine if you're unfamiliar with how to do this.) And, as always, we certainly encourage everyone to compare antivirus software and choose one with the right features and price for your needs.
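One way to check that a machine is still using the resolvers you hard coded, rather than ones handed down over DHCP, as an added example that is not part of the original post. It assumes resolver entries in the Unix resolv.conf `nameserver` format; the sample file, the addresses (documentation ranges) and the `PINNED` set are constructed placeholders.

```python
import ipaddress
import sys

# Constructed sample: resolv.conf text after a DHCP lease handed out a
# resolver nobody pinned (documentation-range addresses only).
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client
search example.test
nameserver 192.0.2.53
nameserver 198.51.100.7   ; not one we pinned
nameserver not-an-ip
"""

# Assumption: the resolvers you chose to hard code.
PINNED = {"192.0.2.53", "192.0.2.54"}


def parse_nameservers(text):
    """Return (valid, malformed) nameserver entries from resolv.conf text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        # Drop comments, which resolv.conf marks with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            valid.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            malformed.append(fields[1])
    return valid, malformed


def audit(text, pinned):
    """Compare the configured resolvers with the pinned set."""
    pinned_norm = {str(ipaddress.ip_address(p)) for p in pinned}
    valid, malformed = parse_nameservers(text)
    return {
        "unexpected": [ip for ip in valid if ip not in pinned_norm],
        "missing": sorted(pinned_norm - set(valid)),
        "malformed": malformed,
    }


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RESOLV_CONF
    report = audit(text, PINNED)
    print(report)
    sys.exit(1 if report["unexpected"] or report["malformed"] else 0)
```

Run it with the path to a resolver file as the only argument; a non-zero exit status means an unpinned or unparsable resolver is configured.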

