DNSChanger malware spread to PCs & Macs via TDSS rootkit

The nearly imperceptible TDSS rootkit has added a twist to its computer-jacking repertoire. New research has revealed it's also spreading DNSChanger, a malicious trojan that reroutes Internet traffic.


Kaspersky Labs' Threat Post blog called the combination an "unholy alliance."

"As much of a nightmare as TDSS, also known as Alureon or TDL4, can be, an infection by DNSChanger can be just as problematic in some respects," explained Threat Post. "The malware's main function is to hijack the victim's Web traffic by changing the DNS settings on the infected machine, redirecting him to malicious sites rather than whichever ones he's aiming to visit."

Citing research from Dell SecureWorks, The Register reported that a TDSS infection likely means victims are susceptible to - or already infected by - other viruses.


"One of the key worries with being infected with the DNSChanger malware is that it is often an indicator that your system is infected with a larger malware cocktail, where the hacker, along with DNSChanger, has downloaded a slew of malware: Rogue AV, ZeuS Banking Trojan, Spam Bot, etc.," explained SecureWorks. "Controlling DNS literally gives an attacker complete access to a system."

Last week, the FBI announced it busted six Estonians accused of propagating DNSChanger in more than 4 million computers across 100 countries.

Dubbed "Operation Ghost Click," the two-year investigation discovered around 500,000 U.S.-based computers were infected by DNSChanger. According to agents, the illicit ploy earned the cyber gang approximately $14 million.


"They were organized and operating as a traditional business but profiting illegally as the result of the malware," said the FBI. "There was a level of complexity here that we haven't seen before."

The FBI has since released a chart (.pdf) which helps security-conscious web denizens determine whether they're unwittingly hosting DNSChanger - in case the constant redirects didn't give it away.

Credit: FBI
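The check the FBI chart walks users through comes down to comparing the resolvers a machine is configured to use against the rogue resolver ranges. The following Python script is an added example (not from the article, Kaspersky, SecureWorks or the FBI): it parses either a resolv.conf file or the DNS lines of `ipconfig /all` output and flags resolvers inside placeholder ranges. The ranges and both sample inputs are constructed; the real rogue ranges are not listed on this page and must be substituted.

```python
import ipaddress

# Placeholder ranges (RFC 5737 test networks); the article does not list the
# real rogue resolver addresses, so substitute the published list before use.
ROGUE_DNS_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed samples in the two formats a user would typically inspect.
SAMPLE_RESOLV_CONF = """\
# constructed resolv.conf
nameserver 198.51.100.77
nameserver 8.8.8.8
"""
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 192.0.2.14
                                       192.0.2.15
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def parse_nameservers(text):
    """Extract resolver addresses from resolv.conf or `ipconfig /all` text."""
    servers, in_dns_block = [], False
    for raw in text.splitlines():
        stripped = raw.split("#", 1)[0].strip()
        if stripped.startswith("nameserver "):          # resolv.conf entry
            candidate, in_dns_block = stripped.split()[1], False
        elif "DNS Servers" in stripped:                 # first ipconfig DNS line
            candidate, in_dns_block = stripped.partition(":")[2].strip(), True
        elif in_dns_block and raw.startswith(" ") and stripped:
            candidate = stripped                        # ipconfig continuation
        else:
            in_dns_block = False
            continue
        try:
            servers.append(ipaddress.ip_address(candidate))
        except ValueError:
            in_dns_block = False                        # malformed entry, skip
    return servers

def flag_rogue_resolvers(text, rogue_ranges=ROGUE_DNS_RANGES):
    """Return configured resolvers that fall inside a known-rogue range."""
    return [str(s) for s in parse_nameservers(text)
            if any(s in net for net in rogue_ranges)]

if __name__ == "__main__":
    print("resolv.conf:", flag_rogue_resolvers(SAMPLE_RESOLV_CONF))
    print("ipconfig:", flag_rogue_resolvers(SAMPLE_IPCONFIG))
```

A hit only means the machine's resolver settings point at a listed range; the DNS settings of the home router should be checked the same way, since the chart notes that these infections also rewrite them.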

Are you DNSChanger-free? Let us know in the comment section.
