New DNSChanger Trojan variant targets routers

Secure Computing researchers have discovered a new Trojan variant in nature DNSChanger attacks routers, meaning any Web surfing computer on that network could be at risk of being redirected to a malicious Web site.

DNSChanger The Trojan modifies the DNS settings to point to a host address of websites provided by the attackers, Sven Krasser, director of research of data mining for Secure Computing, said in an interview with ZDNet Asia’s sister site CNET on Tuesday.

“The network is essentially reconfigured to do all the (domain) name resolutions over this malicious name server,” he said.

DNSChanger The Trojan is able to access all settings and functions on the router. We only know a few popular router Web interface URLs that you can use to change DNS settings at this time, but that is expected to change and more routers will be affected, according to a blog of Secure Computing.

The Trojan is believed to be created by the creators of the family of malware called “Zlob” which masquerades as an ActiveX video codec.

This article was first published as a blog on CNET