Saturday, February 25, 2012

CURRENT ACTIVITIES : DNS Changer Malware


DNS Changer Malware


http://www.cert-in.org.in


It has been observed that a malware known as the DNS Changer Trojan, which
changes the DNS server entries on computer systems and on ADSL/VoIP
routers (home gateway devices), is widely propagating.
The malware initially infects Windows or Apple computers and
subsequently gains access to routers connected to those systems by exploiting
weaknesses such as default factory configurations, easily guessable passwords,
etc.
Once access is gained, it changes the DNS settings on those computers
and devices and makes them point to rogue foreign DNS servers.

In a typical attack scenario, unwitting users are enticed to download
malware (similar to Trojan:BAT/Dnschanger.B) which subsequently tampers with
the Windows network settings (DNS entries in the hosts file, adding a
proxy in the browser settings) on the host computer, scans for the
connected DSL devices and tries to log in directly to the admin interface to
change the DNS settings in the routers.

By achieving this, cyber criminals can control which sites the user connects
to on the internet. The following actions could be performed on an infected
system:
• Redirecting the intended queries to malicious servers and hence
further downloading of malware or potentially unwanted programs, or
conducting phishing attacks
• Eavesdropping on the user's sessions
• Man-in-the-middle (MITM) attacks
• Serving advertisements of the attacker's choice
• Preventing download of operating system and antivirus updates.

Confirming malware Infection

• Check the local or ADSL / VoIP router DNS server settings against the
identified rogue DNS servers:
 64.28.176.0 - 64.28.191.255
 67.210.0.0 - 67.210.15.255
 77.67.83.0 - 77.67.83.255
 93.188.160.0 - 93.188.167.255
 85.255.112.0 - 85.255.127.255
 213.109.64.0 - 213.109.79.255

(Note:
The local DNS list can be found by running ipconfig /all | findstr "DNS"
in the Windows command prompt. If any suspicious entries are found, delete
them and run ipconfig /flushdns to clear the cached resolver entries.
Access the router interface and check its DNS entries. Refer to the owner's
manual for accessing and configuring the device.)

• Check the Windows/Apple system for entries related to malicious DNS
servers. A typical registry entry will look like:

o HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{random}
  DhcpNameServer = 93.188.161.105
o HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{random}
  DhcpNameServer = 93.188.166.105
o HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{random}
  DhcpNameServer = 85.255.xx.xxx,85.255.xxx.xxx

• Check the hosts file entries and the proxy setting in the browser
configuration on the local system for suspicious entries. Delete fraudulent
entries if found. The steps given below locate the entries.
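The three checks above (resolver list from ipconfig /all, the DhcpNameServer / NameServer registry values, and the hosts file) can be scripted against the rogue ranges the advisory lists. The following is an added example written for this page, not a tool from CERT-In or from the advisory; the ipconfig output and hosts file content it parses are constructed samples, and the two Windows-only collectors (ipconfig and winreg) are assumed to run on a Windows host with the usual registry layout.

```python
import ipaddress
import re
import subprocess

# Rogue DNS server ranges listed in the advisory (first and last address of each block).
ROGUE_RANGES = [
    ("64.28.176.0", "64.28.191.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("85.255.112.0", "85.255.127.255"),
    ("213.109.64.0", "213.109.79.255"),
]


def is_rogue(ip):
    """True if ip (dotted IPv4 string) lies inside any advisory range."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        return False  # IPv6 or malformed: cannot be in the IPv4 ranges above
    return any(ipaddress.IPv4Address(lo) <= addr <= ipaddress.IPv4Address(hi)
               for lo, hi in ROGUE_RANGES)


def parse_ipconfig_dns(text):
    """Extract resolver addresses from 'ipconfig /all' output.

    The first server sits on the 'DNS Servers' line; extra servers follow on
    continuation lines that hold only an address."""
    servers, collecting = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        if collecting:
            m2 = re.match(r"\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", line)
            if m2:
                servers.append(m2.group(1))
                continue
            collecting = False
    return servers


def parse_name_server_value(value):
    """Split a DhcpNameServer / NameServer registry value (comma or space separated)."""
    return [v for v in re.split(r"[,\s]+", value.strip()) if v]


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text, skipping comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            fields = line.split()
            entries.extend((fields[0], name) for name in fields[1:])
    return entries


def rogue_findings(dns_servers, hosts_entries=()):
    """Flag resolvers and hosts-file targets that fall in the rogue ranges."""
    findings = [("dns", s) for s in dns_servers if is_rogue(s)]
    findings += [("hosts", f"{ip} {name}") for ip, name in hosts_entries if is_rogue(ip)]
    return findings


def live_dns_servers():
    """Windows only: same data the advisory reads with ipconfig /all | findstr "DNS"."""
    out = subprocess.run(["ipconfig", "/all"], capture_output=True, text=True, check=False).stdout
    return parse_ipconfig_dns(out)


def registry_name_servers():
    """Windows only: read DhcpNameServer/NameServer under every Tcpip interface key."""
    import winreg  # assumption: running on Windows, where this module exists
    base = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
    servers = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as interfaces:
        i = 0
        while True:
            try:
                sub = winreg.EnumKey(interfaces, i)
            except OSError:
                break  # no more {GUID} subkeys
            i += 1
            with winreg.OpenKey(interfaces, sub) as key:
                for value_name in ("DhcpNameServer", "NameServer"):
                    try:
                        value, _ = winreg.QueryValueEx(key, value_name)
                    except OSError:
                        continue  # value not present on this interface
                    servers.extend(parse_name_server_value(value))
    return servers


# Constructed sample data (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 93.188.161.105
                                       93.188.166.105
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

SAMPLE_HOSTS = """\
127.0.0.1       localhost
# constructed suspicious entry pointing a name into a rogue range
85.255.113.20   update.example.com
"""

if __name__ == "__main__":
    for kind, detail in rogue_findings(parse_ipconfig_dns(SAMPLE_IPCONFIG), parse_hosts(SAMPLE_HOSTS)):
        print(f"ROGUE {kind}: {detail}")
```

Run as-is it reports on the constructed samples; on a Windows host, replace the sample inputs with live_dns_servers() and registry_name_servers() to check the real resolver list and the per-interface registry values. Range matching uses the advisory's start/end addresses directly rather than CIDR, so the list can be extended by copying further entries in the same form.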


Tools
• Antivirus vendor AVIRA has released a DNS repair tool. It can be
downloaded from here to clean an infected system.

• If it is suspected that the router's credentials have been changed in an
unauthorised fashion, reset the router settings, change the credentials
for the modem's interface and reboot the devices.

Countermeasures
• Restrict Web Management Interface of Routers to authorized users and
change default username/passwords
• Report suspicious entries in Routers to your Internet Service Provider
• Keep up-to-date antivirus on the computer system
• Keep up to date on patches and fixes for the operating system and
applications

References:
http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911
http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf
http://techblog.avira.com/2012/01/23/avira-dns-repair-tool-released/en/
http://www.cert-in.org.in/s2cMainServlet?pageid=PUBVA01&VACODE=CIVA-2010-0839
http://www.cert-in.org.in/s2cMainServlet?pageid=PUBVA01&VACODE=CIVA-2010-0882

Friday, December 2, 2011

966 cyber crime cases reported in 2010

According to data maintained by the National Crime Records Bureau (NCRB), a total of 217, 288, 420 and 966 cyber crime cases were registered under the Information Technology Act, 2000, during 2007, 2008, 2009 and 2010, respectively.
The nature of cyber crime recorded by NCRB included tampering computer documents, hacking, obscene publication/ transmission in electronic media, unauthorised access/attempt to access protected computer system, breach of privacy/ confidentiality and digital signature related crimes.

The Union home ministry is supporting the launch of a database of hackers who protect India's online interests

Having suffered repeated attacks by hackers from across the globe, the Indian government has decided to turn to people who can fight them best—hackers themselves. The Union ministries of home affairs and information, communication & technology are backing a move by the Information Security and Analysis Centre (ISAC), a not-for-profit group based in Mumbai, to launch a pool of hackers who will be trained to protect India's critical infrastructure, including the banking, power and telecom and space research sectors, from cyber attacks. The National Security Database (NSD) will be launched next week at a hacking conference in Mumbai.
http://www.outlookindia.com/printarticle.aspx?

Tuesday, November 29, 2011

Govt websites on hackers' radar

CHECK THE LINK -:

http://zeenews.india.com/news/world/govt-websites-on-hackers-radar_744307.html