Malware
Silently Alters Wireless Router Settings
Security researchers have discovered a new Trojan horse that disguises
itself as a video ‘codec’ required to view content on certain
Web pages. When the fake codec is installed, the Trojan horse - a variant
of the ‘Zlob’ Trojan - checks to see if the victim is using
a wireless router. If so, the Trojan horse uses a built-in list of default
router/username passwords to guess the username and password needed to
log on as an administrator of the victim's router.
After successfully logging into the router, the Trojan changes its domain
name system (DNS) records so that all Internet traffic passes through
the attacker's network first. Security researchers are concerned about
this version of the Zlob Trojan for several reasons, including the fact
that Zlob is one of the most common types of Trojans downloaded onto computers
running Windows. In addition, victims' networks can remain compromised
even if the Trojan is cleaned off the infected computer. As a result,
experts are advising people whose computers have been infected with Zlob
to reset their routers to the default settings after cleaning the Trojan
off their machines.
