DNSChanger malware causes a computer to use rogue DNS servers instead of the legitimate ones, which are generally provided by the ISP. Such malware changes a computer's DNS server settings. It also attempts to access networking devices on the victim's small-office or home (SOHO) network that run a DHCP server (e.g. a "router" or "home gateway") using common default user names and passwords and, if successful, changes the associated DNS configuration. The latter technique may impact all computers on the home/small-office network even if they are not directly infected.
The recently uncovered infrastructure leveraged malware known to the antivirus community as TDSS, Alureon, Tidserv or TDL4. This malware has significant capabilities to evade detection and resist removal, and the malicious actors have repeatedly updated and improved these capabilities. It changes a number of registry keys and values to make sure it is restarted every time the victim computer operates. One version also infects an area of the computer's hard drive called the Master Boot Record (MBR). This drive sector is typically the first to be accessed by a computer before loading the operating system. For this reason, malicious code infecting the MBR requires special intervention to be successfully removed.
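A host-side check for the DNS-setting change described above, as an added example that is not part of the original advisory: it parses `ipconfig /all` output and reports resolvers outside an expected set, separating statically set entries from DHCP-supplied ones. The `EXPECTED` range, the sample output and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: resolvers this network is supposed to use (documentation range).
EXPECTED = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed `ipconfig /all` excerpt; every address is from a documentation range.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       192.0.2.53

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 203.0.113.9
"""

# "Label . . . . : value" lines; the ". :" requirement keeps IPv6 values out.
KV = re.compile(r"^\s+(.+?)(?: ?\.)+ : ?(.*)$")

def parse_adapters(text):
    """Return {adapter: {"dhcp": bool, "dns": [str, ...]}}."""
    adapters, current, key = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {"dhcp": False, "dns": []})
            key = None
        elif current is not None and (m := KV.match(line)):
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "DHCP Enabled":
                current["dhcp"] = value.lower() == "yes"
            elif key == "DNS Servers" and value:
                current["dns"].append(value)
        elif current is not None and key == "DNS Servers" and line.strip():
            current["dns"].append(line.strip())  # continuation line of the list
    return adapters

def audit(text, expected=EXPECTED):
    """List (adapter, resolver, origin) for resolvers outside `expected`."""
    findings = []
    for name, cfg in parse_adapters(text).items():
        for server in cfg["dns"]:
            addr = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
            if not any(addr in net for net in expected):
                origin = "dhcp (inspect the router)" if cfg["dhcp"] else "static (inspect the host)"
                findings.append((name, server, origin))
    return findings
```

If an adapter lists the router itself as its resolver, this check says nothing about where the router forwards queries, so the router's own DNS configuration still has to be reviewed directly.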
Important Links:
Click Here for Detailed Information on Detection, Prevention and Cure for DNS Changer Malware
Click Here to See if Your Computer is Infected by DNSChanger Malware
Click Here for the DNS Changer Recovery Guide / Removing the Malware from Your Infected Computer
Click Here for Trusted Recovery / Antivirus Tools Recommended by Microsoft
Source: http://www.publicsafety.gc.ca/