Malware now doing the DNS switcheroo

Malware now doing the DNS switcheroo
Robert Lemos, 2005-11-04

Malware now doing the DNS switcheroo 2005-11-04
Anonymous

This article reads to me as though this is being presented as something new. Qhosts did this in October 2003, and plenty of other attacks since have performed attacks on DNS some through direct manipulation of local hosts file entries and others also modifying local resolver IPs....

[ more ] [ reply ]

Malware now doing the DNS switcheroo 2005-11-07
Anonymous (1 replies)

They stole my idea! LOL, I knew windows was going to have this flaw. It could be done on linux to, the easiest way to do something like thi would be to modify or replace the host file with one you have already made. However I doubt that this virus is that simple....

[ more ] [ reply ]

Re: Malware now doing the DNS switcheroo THINGS TO CHECK 2005-11-07
APK

It's not QUITE as simple, but alters this area in Windows Registry (follow this path thru regedit.exe & alter that entries's security once you have it right for your ISP/BSP DNS, in the left-hand side pane):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

DhcpNameServer

...

[ more ] [ reply ]

..and the fix is .. 2005-11-08
lsi

...on boot:

if (NewDNSPrimary <> OldDNSPrimary) || (NewDNSSecondary <> OldDNSSecondary) {

alert('DNS servers have changed!');

}...

[ more ] [ reply ]