Security experts are warning Internet users to be aware of a disturbing evolution in malicious software that can turn a single infected computer into a vehicle for stealing data from any nearby systems, regardless of what operating system or security software those computers may be running.
The evolution comes compliments of the DNSChanger family of malware, which usually comes disguised as a codec or browser plug-in that a user is told he or she needs to install in order to view Web-based videos. As its name suggests, the malware alters the domain name system (DNS) server settings on infected systems, effectively routing the victim's Web searches and other online activities through servers that the attackers control. DNSChanger can install on a Mac or Windows computer.
The added feature in the latest version of DNSChanger is that it installs its own DHCP server on the victim's machine. DHCP stands for "dynamic host control protocol," and it is what wired and wireless routers use to hand out addresses to computers on a network. In fact, most laptops are configured to automatically request an Internet address from any local wireless network that happens to be handing them out.
Why is this a big deal? By adding its own DHCP server to a host machine, DNSChanger can now offer nearby wireless-equipped devices an Internet address, complete with its own set of rogue DNS servers.
News 3 years ago
