Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


MovieCommander Redirects DNS to Malicious Sites

A virus among the latest ones is spreading over the Internet while trying to infect computer systems and transmit their Domain Name Server (DNS) to malicious sites.

A well-intentioned person would not try to plant a 'DNS switching utility' on users to make their 'response time' better by diverting them to an OpenDNS. But criminals attempt to have their victims' website requests passed to sites under their control in which they have loaded malware. Securitypronews published this on April 2, 2007.

The DNS virus spreads through an enticing message, explained McAfee's Avert Labs Blog. A Trojan called 'MovieCommander' was there on the Internet. When users see this heading on their computers and read the End User License Agreement (EULA) description, many may think it to be a genuine application created to facilitate access to various video files, wrote researcher Bhaskar Krishna on the blog. Securitypronews published it on April 2, 2007.

The message on a Microsoft Windows shows the title 'MovieCommander Setup License Agreement', which requests the user to go through the terms on the license before downloading MovieCommander. The rest of the agreement describes the software saying it provides access to many video files on the licensor's sites. Further the software is not a Media Player, add-on or plug-in, nor does it implement any compressor or de-compressor or any additional video application.

Then the message writes on some restrictions.

There is least understanding of DNS management while it is the most popular networking technology for businesses. Recently Websense explained that as soon as a Trojan gets into a computer, the machine is compromised by the fraudster.

Krishna wrote that when the MovieCommander executes a Trojan it alters the DNS address to redirect it to its chosen DNS. It also drops a rootkit.

A similar earlier DNS exploit was one which displayed advertisements instead of the normal ones when working on a search engine.

The DNS redirection often leads the user to a hoax financial site wherein the fraudster steals the login details and forwards it to scammers. This all happens and the user is not even able to notice anything.

ยป SPAMfighter News - 10-04-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page