[ news_security_news ]
MovieCommander Will Redirect DNS Requests
David Utter
Staff Writer
2007-04-02
 Insider Reports RSS Feed
One of the latest viruses making the rounds attempts to infect systems and send their DNS lookups to sites operated for criminal gain.
No one tries to drop a DNS switching utility on users to improve their response time by redirecting them somewhere like OpenDNS. Criminals want victims to have their requests for websites passed along to ad- or malware-loaded sites they control.
It's all about making money at someone else's expense. As McAfee explained on their Avert Labs Blog, this latest DNS threatening virus comes in an enticing form.
"There is a crafty trojan making the rounds on the Internet called 'MovieCommander.' When looking at this title on a Window's computer and reading the EULA description, many innocent users may think this is a legitimate application designed to help access different video files," researcher Bhaskar Krishna wrote.
"It's actually a trojan installer which upon execution changes the DNS server address to point to its preferred DNS servers as well as dropping a rootkit under %system32% folder."
Krishna did not provide specific details of this problem, but we have seen similar DNS exploits in the past. One example would display advertisements replacing the ones that would normally appear when using a particular search engine.
DNS redirection could send someone to a perfectly spoofed financial site, like a bank or brokerage, where login details would be grabbed and forwarded to the criminals running the scam. People would be hard-pressed to notice such an action taking place.
---
Tags: MovieCommander, Trojan, DNS, Hijack, Computer, Security
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
