There are two things in life we can take for granted: death and internet attacks. In fact, while there’s nothing we can do about the first one, the second one is fortunately much more avoidable, if we choose to protect ourselves in an efficient manner. With this being said, protection is now more important than ever, because lately a nasty form of internet attack has returned from its grave. DNSChanger Trojans are indeed coming back and can once again become a problem for any network in the world.
However, as we mentioned before, there’s something you can do about these malicious attacks so you don’t have to fall prey to them.
DNSChanger was a Trojan that infected over 4 million computers worldwide for about five years (2007-2012) and earned at least $14 million in profits for its operators, an Estonian company called Rove Digital. Unlike DDoS attacks, which prevent access to certain online services, DNSChanger was distributed as a so-called drive-by download that claimed to be a video codec required to play content on certain websites, mainly adult ones. If the victim fell for the trap, the malware would modify the system’s DNS (Domain Name System) configuration, hijacking (rerouting) users to rogue DNS servers operated through affiliates of Rove Digital. The malware would not only replace all of a website’s ads with those of the Estonian company, but also redirect perfectly normal links to the websites of those same advertisers. To make things worse, the effects of this kind of attack could also easily spread to other computers within a LAN: the malware simply imitated a DHCP server, directing all other computers towards the same rogue DNS servers.
This malicious operation was so serious that in November 2011 it resulted in a raid organized by the FBI to locate rogue servers. However, to keep the affected users from losing their internet access, the agency chose to keep the servers up and running until July 2012, when they finally captured the people behind Rove Digital.
A few years later, however, DNSChanger attacks are, sadly, back in a new and advanced form, infecting several Netgear and D-Link routers. This time it targets small businesses and home users via hidden JavaScript code, which is launched if the victim clicks on web ads, and scans the IP address of the browser. Should the IP address of the victim be within the range targeted by the attacker, the browser redirects the user to a page carrying the DNSChanger Exploit Kit. This kit then looks up domain names via DNS servers controlled by hackers and, ultimately, all downloads on the infected computer are redirected to the rogue servers. Aside from that, the usual ads are replaced by fake ones carrying all sorts of spyware and malware.
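Both the original Trojan and the router variant leave machines using DNS servers their owner never chose, so one practical check is to compare the configured resolvers with the ones you expect. The sketch below is an added example, not code from this article or from any vendor; the trusted list, the sample `resolv.conf` text and the function names are constructed assumptions to replace with your own values.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to use (constructed
# values; replace with your router's LAN address or your ISP's DNS servers).
TRUSTED_RESOLVERS = ["192.168.1.1/32", "10.0.0.0/24"]

def parse_nameservers(resolv_conf_text):
    """Return the addresses on 'nameserver' lines of resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def audit_resolvers(resolv_conf_text, trusted=TRUSTED_RESOLVERS):
    """Return (server, reason) for every resolver outside the trusted list."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    findings = []
    for server in parse_nameservers(resolv_conf_text):
        try:
            # Drop an IPv6 zone suffix such as fe80::1%eth0 before parsing.
            addr = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            findings.append((server, "unparseable"))
            continue
        if not any(addr.version == n.version and addr in n for n in nets):
            findings.append((server, "unexpected"))
    return findings

# Constructed sample: the second resolver uses a documentation-only range
# (203.0.113.0/24) to stand in for a DNS server nobody on the network chose.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
nameserver 192.168.1.1
nameserver 203.0.113.53
search lan
"""

if __name__ == "__main__":
    for server, reason in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"review DNS server {server}: {reason}")
```

On a home network the resolvers usually come from the router via DHCP, so the same comparison applies to the DNS servers shown in the router's own WAN and DHCP settings.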
Unfortunately, a simple antivirus won’t be enough to avoid this mess. In fact, your best chance against this Trojan will be investing in a DD-WRT VPN router. Such a router runs open-source firmware, thus preventing default firmware bugs. Furthermore, it closes factory-installed backdoors so they cannot be exploited by attackers. DD-WRT VPN routers also contain strong firewalls and ad-blockers, therefore clicking on an advertisement that might contain the malware is impossible to begin with. And last but not least, VPNs encrypt all your data, including your real IP address, so DNSChanger and other similar exploit kits have no chance to attack and control your network.