New malware component changes router's DNS settings remotely

  • 3 April 2014

Routers from Cisco, D-Link, Huawei, TP-Link and ZTE have been identified as vulnerable.
 
The new version, says analyst Benjamin Vanheuverzwijn, continues the modular approach to darkware coding - and since the code is digitally signed, it is both resilient to protocol manipulation, and likely to be treated as legitimate in a corporate environment. 
 
So what's changed with the new version of the malware? 
 
Because the trojan is modular, like the infamous Zeus financial malware, cyber-criminals can add to, and even change the direction of, the darkware. 
Just recently, says Vanheuverzwijn, a new component has been seen in the trojan, one that has the ability to change a home/small business broadband gateway router's primary DNS address. So far, he adds, routers from Cisco, D-Link, Huawei, TP-Link and ZTE have been identified as vulnerable to the malware attack vector.
 