
DNSChanger 2.0

DNS Changer 2.0 (Trojan.Flush.M) is the next in-the-wild variant of this famous malware. The strategy has changed: it no longer needs to modify the DNS settings on ADSL routers. Instead it installs a network driver (NDISProt.sys) that lets the malware send and receive raw Ethernet packets, an approach that bypasses the Windows TCP/IP stack, the firewall and HIPS.

It installs a rogue DHCP server on the infected machine, listens for DHCP requests from other hosts and answers them with its own crafted DHCP offer packets. The offer advertises malicious DNS servers, which redirect the hosts that accept the lease to infected websites, ranging from phishing pages to exploit-and-infect pages.

The question is how to protect against and prevent such attacks.
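The DHCP half of the attack is visible on the wire to anything that can see the LAN's broadcast traffic, so one practical detection is to audit every DHCPOFFER for a server identifier or DNS server list the network owner never configured. The following is an added example, not code from this post or from the linked write-up: it parses the BOOTP/DHCP layout from RFC 2131 and the option encoding from RFC 2132, then checks option 54 (server identifier) and option 6 (DNS servers) against allowlists that the network owner is assumed to maintain. The two sample packets, their MAC and the 203.0.113.0/24 resolver addresses are constructed for the example.

```python
"""Audit DHCP OFFER packets for rogue servers and unexpected DNS resolvers.

Added example, not code from the original post or the malware write-up it
links to. Parses the BOOTP/DHCP layout (RFC 2131) and option format (RFC 2132),
then compares the server identifier (option 54) and DNS server list (option 6)
against allowlists the network owner is assumed to maintain.
"""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 6, 53, 54, 255
DHCPOFFER = 2                               # option 53 value for an OFFER


def parse_dhcp(payload: bytes) -> dict:
    """Return op code, xid, offered address and a {option code: raw bytes} map."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("payload is not a DHCP packet")
    op, _htype, _hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", payload[:12])
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))   # address offered to the client
    options = {}
    i = 240                                 # 236-byte fixed header + 4-byte cookie
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                 # single-byte option with no length field
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "yiaddr": yiaddr, "options": options}


def ipv4_list(data: bytes) -> list:
    """Decode an option whose value is a sequence of 4-byte IPv4 addresses."""
    return [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data) // 4 * 4, 4)]


def audit_offer(payload, trusted_dhcp_servers, trusted_dns_servers):
    """Return (finding, value) pairs; an empty list means the OFFER looks legitimate."""
    opts = parse_dhcp(payload)["options"]
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return []                           # only OFFERs push a lease onto a client
    findings = []
    for server in ipv4_list(opts.get(OPT_SERVER_ID, b"")):
        if server not in trusted_dhcp_servers:
            findings.append(("rogue-dhcp-server", server))
    for dns in ipv4_list(opts.get(OPT_DNS, b"")):
        if dns not in trusted_dns_servers:
            findings.append(("untrusted-dns-server", dns))
    return findings


def build_offer(xid, yiaddr, server_id, dns_servers):
    """Build a minimal DHCPOFFER; used here only to construct sample input."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)   # op=2 BOOTREPLY, Ethernet hw
    fixed += b"\x00" * 4                                      # ciaddr
    fixed += ipaddress.IPv4Address(yiaddr).packed             # yiaddr
    fixed += ipaddress.IPv4Address(server_id).packed          # siaddr
    fixed += b"\x00" * 4                                      # giaddr
    fixed += bytes.fromhex("001122334455") + b"\x00" * 10     # chaddr (constructed MAC)
    fixed += b"\x00" * (64 + 128)                             # sname, file
    dns = b"".join(ipaddress.IPv4Address(d).packed for d in dns_servers)
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
               + bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
               + bytes([OPT_DNS, len(dns)]) + dns
               + bytes([OPT_END]))
    return fixed + MAGIC_COOKIE + options


# Constructed sample traffic (no real captures): the legitimate gateway at
# 192.168.1.1 versus an infected workstation answering with resolvers in the
# 203.0.113.0/24 documentation range, standing in for the malicious DNS servers.
TRUSTED_DHCP = {"192.168.1.1"}
TRUSTED_DNS = {"192.168.1.1"}
LEGIT_OFFER = build_offer(0x1234, "192.168.1.50", "192.168.1.1", ["192.168.1.1"])
ROGUE_OFFER = build_offer(0x1234, "192.168.1.50", "192.168.1.37", ["203.0.113.5", "203.0.113.6"])

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT_OFFER), ("rogue", ROGUE_OFFER)):
        print(name, audit_offer(pkt, TRUSTED_DHCP, TRUSTED_DNS) or "ok")
```

Feed `audit_offer` the UDP payload of port 67/68 traffic captured on a mirror port or on the legitimate DHCP server itself; a finding is a concrete lead to the infected host, because the server identifier is the address the rogue server put in its own packet. The matching prevention on managed switches is DHCP snooping, which drops OFFERs arriving on ports that are not marked as trusted, so the crafted reply never reaches the other clients.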

Continue Reading at the Extreme Security Blog

Can you please upload a sample

Can you please upload a sample of this variant?

Any respectable AV will be

Any respectable AV will be able to thwart attempts by the "DNSChanger" to further infect a PC through redirections to infected sites, such as the one listed below.

Norton AntiVirus Gaming Edition 2009.

Might have seen this, but can't be sure

I had a system with one of the worst infections I've seen in some time. It was so deep that once I removed it, the Windows networking section of the registry was completely trashed. I tried a repair install, I tried Winsock repair and Dial-a-fix, I tried manually restoring sections of the registry from Windows restore point backups, and in the end I had to wipe the system.

I'm pretty sure it had some sort of DNS hijacker on it, and even weirder, it was connecting to a phantom wifi network that didn't exist, at least according to Netstumbler. I have a feeling it was something like what you've described in the post.

I just hope I don't see that one ever again, it was nasty.

Ryan Meray
C! Tech Solutions - Royal Oak Computer Repair, Service, Support, and Consulting

DNS Changers in Mac OS X

I haven't seen any first-hand, but there are numerous reports on the web of DNS changers working on Mac OS X. I believe it's just a matter of time until we see more of this sort of infection on that operating system. There are Mac removal tools, but I wonder how many Mac users would even be able to figure out they were suffering from DNS issues?

I've seen plenty of them on Windows machines and the newest ones certainly do leave the registry in shambles. I hate having to reformat and install, but in some instances (like the poster above) that's been the only option.

Dallas Computers