chat.fatpipeinc.com

Knowledge Base / Load Balancing / SmartDNS - Inbound Load Balancing

Does the DNS-Changer Bug Affect the FatPipe Device?

No, the DNS Changer Bug is not a FatPipe related issue.

It is a virus that exists on the LAN - the outside world would see the IP address of the WAN interface the packet exits and flag that IP - but it is not a FatPipe related issue - the device on the LAN that is causing the issue/bug would need to be found and quarantined.

Additional information regarding DNSChanger is provided below:

In order for the REN-ISAC to learn how we can best aid the education community with network security matters we'd greatly appreciate hearing back from you regarding action on this incident and how, if at all, this information proved useful.

Research and Education Networking ISAC

24x7 Watch Desk: +1(317)278-6630, soc@ren-isac.net http://www.ren-isac.net

---------------

Regarding DNSChanger:

"DNSChanger is a trojan that will change the infected system's Domain

Name Server (DNS) settings, in order to divert traffic to unsolicited,

and potentially illegal sites." [1]

[1] Trojan:W32/DNSChanger

http://www.f-secure.com/v-descs/trojan_w32_dnschanger.shtml

Additional information:

Aliases [2]

TR/Dldr.DNSChanger (Avira)

Win32/Alureon (CA)

Trojan.DnsChange (Dr.Web)

Trojan.Zlob (Ikarus)

Trojan-Downloader.Win32.Zlob (Kaspersky)

DNSChanger (McAfee)

Troj/Zlob (Sophos)

Trojan-Downloader.Win32.Femad (Sunbelt Software)

Trojan.Zlob (Symantec)

TROJ_DNSCHAN (Trend Micro)

[2] Win32/Alureon

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fAlureon

Rogue DHCP servers

http://isc.sans.edu/diary.html?storyid=5434

DNS changer Trojan for Mac (!) in the wild (part 1)

http://isc.sans.edu/diary.html?storyid=3595

(Minor) evolution in Mac DNS changer malware (part 2)

http://isc.sans.edu/diary.html?date=2008-04-30

OS X DNS Changers part three (part 3)

http://isc.sans.edu/diary.html?storyid=5390

DNSChanger.f

http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=141841

----------------

Attachment: The incident data presented above is also provided in IODEF format

in the attached file. If you have questions about using the IODEF-formatted

data in automated processing with your incident tracking system, see:

* http://www.ren-isac.net/notifications/using_iodef.html

1513983312

152 of 346 people found this helpful.