Tuesday, March 31, 2009

DNS server Trojan Flush.M spotted in the pipe

Flush.M 2.0 sets the DHCP lease time to just one hour, does not specify a DNS Domain Name, does not contain PAD options after the END option, and does set the BootP Broadcast Bit. BootP is typically used for configuring diskless workstations or for rolling out PC installations across a large network. SANS recommends monitoring network traffic for signs that systems are attempting to connect to any DNS server other than the one handed out by the approved local DHCP server.
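The traits listed above translate directly into a detection check for the monitoring SANS recommends. The following is an added example (not code from the original post or from SANS): it parses a DHCP OFFER/ACK, flags replies from any DHCP server or naming any DNS resolver outside an approved set, and reports the Flush.M-style packet traits (one-hour lease, no domain name option, broadcast bit set, no PAD after END). The approved addresses and the sample packets are constructed placeholders.

```python
import socket
import struct
APPROVED_DHCP_SERVERS = {"192.0.2.1"}  # constructed placeholder values, not from the page
APPROVED_DNS = {"192.0.2.53"}

def parse_dhcp(packet):
    """Parse the BOOTP broadcast flag and the DHCP option list of a DHCP message."""
    flags = struct.unpack_from("!H", packet, 10)[0]
    info = {"broadcast_bit": bool(flags & 0x8000), "pad_after_end": False, "options": {}}
    i = 240  # options begin after the 236-byte BOOTP header and the 4-byte magic cookie
    while i < len(packet):
        code = packet[i]
        if code == 255:  # END: any zero byte that follows is PAD
            info["pad_after_end"] = any(b == 0 for b in packet[i + 1:])
            break
        if code == 0:  # PAD inside the option list
            i += 1
            continue
        length = packet[i + 1]
        info["options"][code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return info

def rogue_indicators(packet):
    """Return the Flush.M-style traits and policy violations seen in a DHCP OFFER/ACK."""
    p = parse_dhcp(packet)
    opts, findings = p["options"], []
    if 54 in opts and socket.inet_ntoa(opts[54]) not in APPROVED_DHCP_SERVERS:
        findings.append("unapproved DHCP server " + socket.inet_ntoa(opts[54]))
    dns = [socket.inet_ntoa(opts[6][k:k + 4]) for k in range(0, len(opts.get(6, b"")), 4)]
    findings += ["unapproved DNS server " + d for d in dns if d not in APPROVED_DNS]
    if 51 in opts and struct.unpack("!I", opts[51])[0] == 3600:
        findings.append("lease time exactly one hour")
    if 15 not in opts:
        findings.append("no DNS domain name option")
    if p["broadcast_bit"]:
        findings.append("broadcast bit set")
    if not p["pad_after_end"]:
        findings.append("no PAD after END")
    return findings

def build_offer(server, dns, lease, domain=None, broadcast=True, pad=False):
    """Build a minimal DHCPOFFER as constructed sample input (not a captured packet)."""
    hdr = bytearray(236)
    struct.pack_into("!H", hdr, 10, 0x8000 if broadcast else 0)
    opts = bytes([53, 1, 2, 54, 4]) + socket.inet_aton(server) + struct.pack("!BBI", 51, 4, lease)
    opts += bytes([6, 4 * len(dns)]) + b"".join(socket.inet_aton(d) for d in dns)
    opts += bytes([15, len(domain)]) + domain.encode() if domain else b""
    opts += b"\xff" + (b"\x00" * 3 if pad else b"")
    return bytes(hdr) + b"\x63\x82\x53\x63" + opts
```

In practice the packet bytes would come from a capture of UDP port 67/68 traffic; a legitimate offer from the approved server with a normal lease, a domain name and trailing PAD yields an empty finding list.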

Security experts warned this week that they have seen a new variant of the DNS-changing Trojan.Flush.M malware that resembles a cyberattack from December.

The earlier version, which attempted to install a rogue DHCP server, allows cybercriminals to monitor traffic from the infected IP addresses in an organization's network and direct other machines to visit malicious websites, security experts said.

The new variant is more sophisticated and hides the fake DHCP more effectively than the previous version did, experts said.

Cyberattacks, such as DNS-changing malware exploits, grew considerably in 2008. Security experts are warning that 2009 will be a year of constantly growing and changing cyberthreats that have the potential to breach network security.

The new Trojan poses a measured risk to network security, as it is capable of affecting traffic flowing to and from systems that are themselves immune to the exploit Flush.M leverages.

Source: mxlogic & arstechnica.com
