
New rogue DHCP server malware

written by Ruan
at 10:00 pm
on March 16, 2009
in Data Centers, Development, Programming, Security, Telecommunications

A bold new type of malware has been identified. Its attack vector is hijacking the DNS settings of other devices on a local area network: rather than tampering only with the host it infects, it answers the DHCP requests of its neighbours. Any device, regardless of operating system, that takes its network configuration from DHCP and depends on an internal or external name server can be affected.

The trojan configures and runs a rogue DHCP daemon on the infected host. Other devices on the same LAN are misled into using the name server settings handed out by the trojan's DHCP daemon for their DNS lookups instead of the originally configured name servers. This works because a DHCP client normally accepts the first DHCPOFFER it receives, so whichever daemon answers fastest wins the lease; hosts with static network settings are not exposed.

Devices on the network are then sent to fraudulent websites that are harder to identify as impostors, since the hostname in the address bar is the one the user typed and the DNS lookup itself appears to succeed normally. An HTTPS site cannot present a valid certificate for the spoofed name, so certificate warnings remain a tell-tale sign of the redirection.
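The mechanism described in the two paragraphs above (a rogue daemon handing out attacker-controlled name servers, which the clients then trust as if they were the legitimate ones) can be detected on the wire, because every DHCPOFFER and DHCPACK carries the DNS servers it pushes in option 6 and the sender's identity in option 54. The following is an added example, not code from the original post or from the SANS write-up: a minimal BOOTP/DHCP option parser and an audit function that flags offers from unexpected servers or with unexpected DNS settings. The trusted server and DNS addresses, and the sample packets, are constructed for the example; in practice you would feed it the UDP payloads of port 67/68 traffic from a capture.

```python
"""Flag DHCP OFFER/ACK messages that hand out unexpected DNS servers.

Added example (not from the original post): a minimal BOOTP/DHCP option
parser plus an audit function. The trusted addresses and sample packets
below are constructed for illustration.
"""
from ipaddress import IPv4Address

BOOTP_HEADER_LEN = 236              # fixed BOOTP fields before the options area
DHCP_MAGIC = b"\x63\x82\x53\x63"    # magic cookie that starts the DHCP options

OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 6, 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_dhcp_options(payload: bytes) -> dict[int, bytes]:
    """Return {option_code: raw_value} from a DHCP message (RFC 2132 TLV encoding)."""
    cookie_end = BOOTP_HEADER_LEN + 4
    if len(payload) < cookie_end or payload[BOOTP_HEADER_LEN:cookie_end] != DHCP_MAGIC:
        raise ValueError("not a DHCP message (bad length or magic cookie)")
    opts: dict[int, bytes] = {}
    i = cookie_end
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        # RFC 3396: a repeated option code continues the previous value
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def ipv4_list(raw: bytes) -> list[str]:
    """Decode a run of packed IPv4 addresses; a trailing partial address is ignored."""
    return [str(IPv4Address(raw[k:k + 4])) for k in range(0, len(raw) - len(raw) % 4, 4)]


def audit_dhcp_message(payload: bytes, trusted_servers: set[str], trusted_dns: set[str]) -> list[str]:
    """Return findings for one server-to-client DHCP message; an empty list means clean."""
    opts = parse_dhcp_options(payload)
    msg_type = MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\x00")[0], "UNKNOWN")
    if msg_type not in ("OFFER", "ACK"):
        return []   # only server-originated messages carry the lease settings we care about
    findings = []
    for server in ipv4_list(opts.get(OPT_SERVER_ID, b"")):
        if server not in trusted_servers:
            findings.append(f"{msg_type} from untrusted DHCP server {server}")
    for dns in ipv4_list(opts.get(OPT_DNS, b"")):
        if dns not in trusted_dns:
            findings.append(f"{msg_type} pushes untrusted DNS server {dns}")
    return findings


def build_dhcp_message(msg_type: int, server_id: str, dns_servers: list[str]) -> bytes:
    """Construct a minimal DHCP reply (constructed test input, not a real capture)."""
    header = bytearray(BOOTP_HEADER_LEN)
    header[0] = 2   # op = BOOTREPLY
    header[1] = 1   # htype = Ethernet
    header[2] = 6   # hlen = 6-byte MAC
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    opts += bytes([OPT_SERVER_ID, 4]) + IPv4Address(server_id).packed
    dns_raw = b"".join(IPv4Address(d).packed for d in dns_servers)
    opts += bytes([OPT_DNS, len(dns_raw)]) + dns_raw
    opts += bytes([OPT_END])
    return bytes(header) + DHCP_MAGIC + opts


# Assumed site policy: the gateway is the only DHCP server, two internal resolvers.
TRUSTED_SERVERS = {"192.168.1.1"}
TRUSTED_DNS = {"192.168.1.1", "192.168.1.53"}

# Constructed sample traffic: one legitimate OFFER and one from the rogue daemon.
LEGIT_OFFER = build_dhcp_message(2, "192.168.1.1", ["192.168.1.53"])
ROGUE_OFFER = build_dhcp_message(2, "192.168.1.77", ["203.0.113.10", "203.0.113.11"])

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT_OFFER), ("rogue", ROGUE_OFFER)):
        print(name, audit_dhcp_message(pkt, TRUSTED_SERVERS, TRUSTED_DNS) or ["clean"])
```

Run over real captures, the interesting findings are offers whose server identifier is not the known DHCP server, and acknowledgements that push resolvers outside the organisation's address space. The audit deliberately ignores DISCOVER and REQUEST messages, since only the server side of the exchange carries the settings the trojan manipulates.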

This is a more advanced form of the well-known attack of editing a system's hosts file. Because it is system agnostic, needs no code running on the victim machines, and rides on the familiar DHCP and DNS protocols, it is much more effective: a single compromised host can redirect an entire LAN, and host-based defences on the other machines never see an infection. The countermeasures are therefore network-side ones, such as DHCP snooping on managed switches, which discards DHCP server replies arriving on untrusted ports, and monitoring for DHCP offers that come from an unexpected server address.

More details can be found at SANS




about this

Ruan is a resolute technophile that is currently devoted to the professional practice of Information Technology Management. In his free time Ruan pursues various interests including the study of Information Security practices and the exploration of visual culture through contemporary photography and communication design.


fineprint
entire contents © 2010 Ruan Müller