Awesome virus


natrat
April 8th, 2014, 11:33 PM
Hey guys, I've just come across this virus for the first time and thought I'd share. May be old news to some.

Client was having issues with "flash player update required" messages randomly popping up in their browsers on all office PCs. Also having trouble reaching Gmail, Google occasionally, Facebook etc. Their ESET AV was constantly popping up boxes saying certain websites blocked, like www.google.com.

Turns out the DNS on all the PCs had been changed to a dodgy primary DNS that redirects traffic to their dodgy virus-laden sites. This is odd as the PCs all get DNS via DHCP from the modem. So tried to log in to the TP-Link modem (last time I was there it had the default admin/admin login) but couldn't.

Turns out someone has downloaded this virus onto a PC, which has then reconfigured DHCP in the TP-Link to send out the dodgy DNS addresses to clients via DHCP, then changes the admin login password on the TP-Link so you can't get in and fix it.

Awesome stuff :)

nattivillin
April 18th, 2014, 05:25 PM
Quite easy when the default credentials are left on a router.

They are finding holes everywhere.