Tuesday, March 17, 2009

Alert: DNS Trojan hijacks entire LAN

A new rash of Trojans has been detected that attempt to hijack entire local area networks (LANs) by masquerading as a DHCP server on the network. This allows the malware to set itself up as the network's DNS (Domain Name System) server.

As a result, even hardened or non-Windows machines can be misdirected to malicious sites that try to exploit any vulnerabilities they might have.

Johannes Ullrich, CTO of the SANS Internet Storm Center, highlighted the danger of this attack vector: "This kind of malware is definitely dangerous because it affects systems that themselves are not vulnerable. So all you need is one system infected in the network and it will affect a lot of other non-vulnerable systems."

more...
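One way a defender can check for the rogue DHCP behaviour described above is to inspect DHCP server replies seen on the LAN and compare the server identifier and the DNS servers they hand out against site policy. The sketch below is an added example, not code from the original post or from SANS; the allowlisted addresses and the `build_reply` sample generator are constructed assumptions, and the input is the UDP payload of a DHCP message captured by whatever sniffer you already use.

```python
import ipaddress

MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5                         # option 53 values sent by servers
# Assumed site policy (constructed documentation addresses).
ALLOWED_SERVERS = {"192.0.2.1"}
ALLOWED_DNS = {"192.0.2.53", "192.0.2.54"}

def parse_options(packet: bytes) -> dict:
    """Return {option_code: value} from the options field of a DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = end option
        if packet[i] == 0:                        # pad option has no length
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[packet[i]] = value
        i += 2 + length
    return opts

def check_reply(packet: bytes) -> list:
    """Return policy findings for one DHCP server reply (empty list = clean)."""
    opts = parse_options(packet)
    mtype = opts.get(53) or b"\0"
    if packet[0] != 2 or mtype[0] not in (OFFER, ACK):
        return []                                 # not an OFFER/ACK from a server
    findings = []
    sid = opts.get(54, b"")                       # option 54 = server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "missing"
    if server not in ALLOWED_SERVERS:
        findings.append("unauthorized DHCP server " + server)
    dns = opts.get(6, b"")                        # option 6 = DNS servers, 4 bytes each
    for j in range(0, len(dns) - len(dns) % 4, 4):
        ip = str(ipaddress.IPv4Address(dns[j:j + 4]))
        if ip not in ALLOWED_DNS:
            findings.append("unapproved DNS server " + ip)
    return findings

def build_reply(mtype: int, server: str, dns: list) -> bytes:
    """Build a constructed sample reply (BOOTREPLY header, zeroed fields)."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    body = bytes([53, 1, mtype, 54, 4]) + pack(server)
    body += bytes([6, 4 * len(dns)]) + b"".join(pack(d) for d in dns)
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC + body + b"\xff"
```

Any non-empty result from `check_reply` is worth tracing back to the sending MAC address and switch port; enabling DHCP snooping on managed switches blocks such replies at the port level.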

Monday, March 9, 2009

Caution: A more aggressive Downadup/Conficker Virus/Worm variant detected

A third version of Downadup has been identified by Symantec, which says the new variant gives infected machines more powerful instructions to disable anti-virus software and analysis tools, among other actions.

W32.Downadup.C is a modular component for machines currently infected with Downadup. This variant of Downadup, also called Conficker, is not attempting to self-replicate and appears to behave more like a Trojan than a worm, says Vincent Weafer, vice president of Symantec Security Response.

The W32.Downadup.C variant was discovered today in a Symantec honeypot and is still under investigation. Symantec expects to identify additional capabilities shortly, says Weafer, who adds that Symantec has not yet seen W32.Downadup.C in customer networks directly.

Earlier versions of Downadup did attempt to disable anti-virus software, but the third version represented in the Downadup.C module is designed mainly to provide more protective actions to infected Windows-based machines so they can better defend themselves from anti-virus software and other eradication methods.

“It’s more aggressive, it has more services,” says Weafer. more...