dnschanger

dnschanger [2013/01/27 21:29] (current)
Line 1: Line 1:
 +====== DNSChanger ======
 +
 +
 +===== Behavior =====
 +  * Can compromise Windows, Mac, and some routers and modems.
 +  * Modifies the DNS server entries to point to IP's in the Ukraine.
 +  * Redirects certain lookups. This prevents updating of anti-malware.
 +
 +
 +===== Removal and Recommendations =====
 +From everything I've gathered, most up-to-date anti-virus and anti-spyware should detect this. The problem is that the DNSChanger redirects away from anti-malware update sites. I personally recommend either scanning from a bootable CD/DVD (BartPE, UBCD4Windows,​ etc.) or pulling the drive to scan it from a clean, updated system.
 +
 +Apple has an antivirus tool out that is supposed to remove it from their OS.
 +http://​www.apple.com/​downloads/​macosx/​networking_security/​iantivirus.html
 +
 +Block and/or monitor all traffic to and from 85.255.112.0 – 85.255.127.255 (85.255.112.0/​20).
 +
 +===== References =====
 +http://​isc.sans.org/​diary.html?​storyid''​5434<​br />
 +http://​www.symantec.com/​security_response/​writeup.jsp?​docid''​2008-120318-5914-99&​tabid''​2<​br />
 +http://​asert.arbornetworks.com/​2008/​11/​rogue-dns-servers-on-the-move/​
 +
 +
 +
 +-- Main.FredPettis - 03 Apr 2009
  
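Review bot: The Removal and Recommendations section only covers scanning the disk; it has no step for restoring the DNS server entries that Behavior says are modified, and nothing for the routers and modems Behavior lists as affected, which a boot-CD or pulled-drive scan cannot reach. Suggest adding a step to check and reset the configured DNS servers on each host and on the router or modem after cleanup, and to confirm none of them fall inside the 85.255.112.0/20 range named in the block/monitor line. Separately, the first two References URLs contain `''` where a query-string `=` would be expected (`storyid''5434`, `docid''2008-120318-5914-99`, `tabid''2`) and end in a literal `<br />`, so they will not resolve as written; this looks like markup-conversion residue and should be corrected in the page source.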
dnschanger.txt · Last modified: 2013/01/27 21:29 (external edit)