Lock up your routers. The infamous but fascinating DNSChanger Trojan (AKA ‘Zlob’) has returned in a new variant that once again hacks routers to redirect any DNS lookup made through that device. Ouch!
You don’t have to be a router God to know that anything that can hack into one can redirect all web access to whichever malevolent website it wants, and do so for every machine on every subnet using it.
Cleaning infected PCs on the network won’t end the problem because the router is still compromised. Luckily, we’re not talking about high-end boxes here, but everyday home routers, including those from Buffalo and Linksys, and possibly D-Link, reports Brian Krebs at The Washington Post.
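Because the router keeps handing out whatever DNS settings it was given, one defensive check is to compare the resolvers a client actually received against the ones you chose. The following is an added example, not code from the original article; the function names, the `EXPECTED_RESOLVERS` value and the sample resolv.conf text are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the resolver(s) you deliberately configured; not from the article.
EXPECTED_RESOLVERS = ["9.9.9.9"]

# Private, loopback and link-local ranges: a nameserver here is the router or a
# local stub forwarding queries, so the client cannot see the real upstream.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample of what a client might hold after a DHCP lease.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not captured from a real host
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 9.9.9.9
nameserver not-an-address
"""

def parse_nameservers(text):
    """Return the valid nameserver addresses in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop any IPv6 zone id such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed entry, ignore it
    return servers

def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Sort each nameserver into expected, via_router or unexpected."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {"expected": [], "via_router": [], "unexpected": []}
    for addr in parse_nameservers(text):
        if addr in allowed:
            bucket = "expected"
        elif any(addr in net for net in LOCAL_NETS):
            bucket = "via_router"
        else:
            bucket = "unexpected"
        report[bucket].append(str(addr))
    return report

if __name__ == "__main__":
    print(audit_resolvers(SAMPLE_RESOLV_CONF))
```

A `via_router` entry does not clear the router: the client only sees the router's address, so the DNS servers set in the router's own admin page still have to be checked by hand.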
The fascinating bit is the simplicity of its attack, which employs a dictionary attack against its intended victim starting with the default passwords and user names for each vendor. Manufacturers can print unique MAC IDs on the bottom of every PC in the world but they can’t come up with a system for randomly different access keys for routers. Or at least enforce a password change when the device is first configured.
Here’s the dictionary used by Zlob/DNSChanger.
Here’s a link to my proven password generation tool, Kristanix’s Password Manager Deluxe, which also happens to be a secure place to keep any you already have or generate using it. The best $19.95 you’ll ever spend.