
 
April 8th, 2014, 11:33 PM
natrat
 
Posts: 242
Hey guys, I've just come across this virus for the first time and thought I'd share. May be old news to some.

Client was having issues with "flash player update required" messages randomly popping up in their browsers on all office PCs. Also having trouble reaching Gmail, Google occasionally, Facebook etc. Their ESET AV was constantly popping up boxes saying certain websites blocked, like www.google.com.

Turns out the DNS on all the PCs had been changed to a dodgy primary DNS that redirects traffic to their dodgy virus-laden sites. This is odd as the PCs all get DNS via DHCP from the modem. So tried to log in to the TP-Link modem (last time I was there it had the default admin/admin login) but couldn't.

Turns out someone has downloaded this virus onto a PC, which has then reconfigured DHCP in the TP-Link to send out the dodgy DNS addresses to clients via DHCP, then changes the admin login password on the TP-Link so you can't get in and fix it.

Awesome stuff :)
 
April 18th, 2014, 05:25 PM
nattivillin
 
Posts: 1,146
Quite easy when the default credentials are left on a router.

They are finding holes everywhere.
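
A defender-side check for the symptom described in the thread above, added here as an example and not part of either post: it parses `ipconfig /all` output and reports any DNS resolver outside an approved list, together with the DHCP server that handed it out. The sample output, the approved list and the function names are constructed for illustration.

```python
import ipaddress
import re
# Constructed sample of `ipconfig /all` output; all addresses are illustrative.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       8.8.8.8

Wireless LAN adapter Wi-Fi:

   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
APPROVED_DNS = {"192.168.1.1", "8.8.8.8"}  # assumption: resolvers the site intends to use
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # matches "Name . . . : value"

def _ip(text):  # normalised IP string, or None if text is not an address
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def parse_adapters(output):
    """Map adapter name -> {"dns": [...], "dhcp_server": ip or None}."""
    adapters, cur, in_dns = {}, None, False
    for line in output.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):  # unindented adapter header
            cur = adapters.setdefault(line.rstrip()[:-1], {"dns": [], "dhcp_server": None})
            in_dns = False
        elif cur is not None and in_dns and _ip(line):  # continuation line of the DNS list
            cur["dns"].append(_ip(line))
        elif cur is not None and (m := FIELD.match(line)):
            key, value = m.group(1), m.group(2)
            in_dns = key == "DNS Servers"
            if in_dns and _ip(value):
                cur["dns"].append(_ip(value))
            elif key == "DHCP Server":
                cur["dhcp_server"] = _ip(value)
    return adapters

def rogue_dns(output, approved=APPROVED_DNS):
    """List (adapter, resolver, dhcp_server) for every resolver not in the approved set."""
    return [(name, ip, info["dhcp_server"]) for name, info in parse_adapters(output).items()
            for ip in info["dns"] if ip not in approved]

if __name__ == "__main__":
    print(rogue_dns(SAMPLE))
```

When the reported DHCP server is the router itself, as in the sample, the router's DHCP settings are the place to look rather than the individual PCs.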
All times are GMT -6. The time now is 01:09 AM.