The problem point out by TrustedSource blog indicates a new trojan that endangers our computers. It is a clone of the DNSChanger trojan and was discovered in-the-wild last week.
The trojan hacks the routers that use the basic access authentication process. That means any computer that access the Internet through a router can be at risk. The DNSChanger Trojan changes the DNS settings to redirect the Web site address to a malicious site supplied by the attackers (as seen in the picture below).
To understand the hacking process, I can tell you that your network is reconfigured to do all domain connections through a malicious name server. Thus, the users are exposed to phishing attacks. The most exposed user are those who didn't changed their router's factory settings. That happens because, the trojan has a pre-defined set of passwords (”dictionary attack”) commonly used by routers vendors. It tries one combination per approximately 100 milliseconds, which makes 600 combinations per minute. Although the risk to hit you might seem not important, it is advisable to change the original router configuration.
Comment Preview