First, an up-to-date Anti-Virus engine needs to be in place. Our Secure Anti-Malware engine, for example, blocks this threat proactively as "Trojan.Dropper.Dldr.DNSChanger.Gen" already at the network perimeter. Next, users must not deploy routers, broadband modems or other networking equipment that comes with an administrative web interface without changing the default password first.
A typical sign of infection with DNSChanger is that the DNS and DHCP servers are pointing to the IP address range 85.255.*.*. Another sign of infection is that non-existing domain names are being resolved by the malicious DNS servers. Potentially infected users can try to browse to a fictitious domain that doesn't exist.
With the constant evolution of this kind of threat, what kind of technology challenges does the industry face?
Attackers have an affinity for the weakest link. As Microsoft products become more secure in general, attackers are now additionally targeting other alternative software and file formats commonly used on desktop computers. For example, we're seeing more attacks exploiting vulnerabilities in Flash videos or PDF documents today.
DNSChanger had also been the first major malware family to be ported to the Mac OS X platform just half a year ago, thereby underlining how this is becoming an "attractive" platform for malware authors, too. And now they have added routers to their targets, which is yet another frightening move.
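The two infection signs named in the interview (DNS servers inside 85.255.*.* and non-existent domains that still resolve) can be checked with a short script. This is an added example, not part of the interview or any vendor's code; the resolv.conf-style input, the sample addresses, the stub resolver and all function names are assumptions constructed for illustration.

```python
import ipaddress
import secrets
import socket

# The range the interview gives as "85.255.*.*"
ROGUE_RANGE = ipaddress.ip_network("85.255.0.0/16")

# Constructed sample in resolv.conf format (addresses are illustrative only)
SAMPLE = """\
# written by DHCP client
nameserver 85.255.0.1
nameserver 192.0.2.53   # documentation address
search example.lan
"""

def parse_nameservers(resolv_conf_text):
    """Return the addresses found on 'nameserver' lines."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # malformed entry, ignore
    return servers

def rogue_nameservers(servers):
    """Sign 1: configured resolvers that fall inside the reported range."""
    return [s for s in servers if s in ROGUE_RANGE]

def nonexistent_name_resolves(resolve=socket.gethostbyname, tries=3):
    """Sign 2: a random, never-registered hostname gets an answer."""
    for _ in range(tries):
        name = secrets.token_hex(16) + ".com"  # fictitious domain
        try:
            resolve(name)
            return True   # an honest resolver would have failed here
        except OSError:
            continue      # lookup failed, which is the healthy outcome
    return False

def check_host(resolv_conf_text, resolve=socket.gethostbyname):
    servers = parse_nameservers(resolv_conf_text)
    return {"rogue": [str(s) for s in rogue_nameservers(servers)],
            "nxdomain_answered": nonexistent_name_resolves(resolve)}

if __name__ == "__main__":
    # Stub resolver that answers everything, standing in for a lying DNS server
    print(check_host(SAMPLE, resolve=lambda name: "203.0.113.7"))
```

Some ISP resolvers also answer for non-existent names, so the second sign on its own is not conclusive; a hit on the address range is the stronger indicator.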