By Dan Goodin in San Francisco
16th March 2009
Internet security experts are warning of a new rash of malware attacks
that can hijack the security settings of a wide variety of devices on a
local area network, even when they are hardened or don't run on Windows
Once activated, the trojan sets up a rogue DHCP, or dynamic host
configuration protocol, server on the host machine. From there, other
devices using the same LAN are tricked into using a malicious domain
name system server, instead of the one set up by the network
administrator. The rogue DNS server sends the devices to fraudulent
websites that in many cases can be hard to identify as impostors.
A new variant of Trojan.Flush.M is making the rounds, Johannes Ullrich,
CTO of the SANS Internet Storm Center warns here. It offers several
improvements over its predecessor, which was discovered in early
December. Among other changes, the new strain no longer specifies a DNS
domain name, making the rogue DHCP server harder to detect.
"This kind of malware is definitely dangerous because it affects systems
that themselves are not vulnerable" to the trojan, Ullrich told The
Register. "So all you need is one system infected in the network and it
will affect a lot of other nonvulnerable systems."
Best Selling Security Books and More!