DNSChanger Trojan Disseminated across Computers through TDSS Rootkit

TDSS rootkit, which's difficult to remove and has been responsible for many sophisticated assaults, apparently is aiding in disseminating the DNSChanger PC-Trojan, published Eweek.com on November 21, 2011.

The TDSS, a nightmarish malware that's called TDL4 or Alureon too, is also contamination itself spread via DNSChanger and posing problems in more ways. Primarily created for compromising the inbound and outbound web-traffic of victims, the TDSS alters the contaminated computer's DNS-settings, diverting end-users onto malevolent websites instead of the intended ones.

The attackers then utilize this compromised web-traffic to execute simply anything like loading more malware alternatively, using it for malicious schemes related to pay-per-click advertisements. Security researchers from Dell Secureworks reported of 600K to 1m distinct IP (Internet Protocol) addresses that the DNSChanger malware contaminated during recent weeks, while the TDSS pulled down and loaded the very Trojan, thus stated ThreatPost in news dated November 16, 2011.

Notably, 7 individuals from Russia and Estonia were accused of carrying out a fraud, which over a 5-year-or-more time-span utilized DNSChanger for reaping over $14m as monetary gain. This sudden gain was racked up via the diversion of victims onto fake online-sites, which generated ad-fees for the cyber-criminals whenever users clicked on those ads.

Senior Threat Researcher Paul Ferguson of Trend Micro stated that eliminating the malicious Trojan as such wasn't difficult rather the problem was with spotting all the users victimized, while ensuring that the malware wasn't pulled down again via any other malware item, also difficult for removing, that posed threat to the infected PC. Eweek.com reported this.

Moreover, according to Dell SecureWorks, the DNSChanger infection is truly risky in that it shows infection on the user's computer that's from bigger malicious software, a mixture of fake anti-virus, spam-bot, the Zeus banker Trojan and more.

Finally, Ferguson tells that the TDSS isn't the lone source for disseminating the DNSChanger. For, users pulled down a previous edition of the Trojan in an attack, which used social engineering and was related to a website that apparently pledged for providing one movie file that could only be watched once users loaded appropriate codec files, the researcher recalls.

Related article: DNSChanger Trojan on Mac OS X Slows Down Web Browsing

» SPAMfighter News - 11/23/2011