
DNSChanger rootkit?

Discussion in 'Security' started by jols, Apr 24, 2012.

  1. jols

  2. NetMantis

    Thanks for the info. It looks like it primarily targets Windows machines, though the mention of "infecting routers" in the article is indeed particularly worrisome.
     
  3. brianoz

    This was a Windows virus; long ago the FBI or some other agency took over the servers, and they've just decided to take them down recently. Despite the article, I thought the infection count wasn't huge?
     
  4. jols

    Okay, thanks. Yup, sometimes various aspects of the news media tend to really blow stuff way out of proportion.
     
  5. brianoz

    Actually that article does suggest a fairly high infection count, but it's talking mainly about PCs. I'd suspect very few real routers (as distinct from home routers) were infected.

    What I don't understand is why, rather than turning the servers off, they don't start routing all DNS requests to a site that gives instructions on removal. Or just reroute facebook.com and hotmail.com - that should get people fixed pretty quickly. Or reroute every day from 9pm onwards, and from 8-10am. That way people can still use the internet but will have to fix themselves. Lots of options. But then again perhaps they're wanting people to think that they'll lose connectivity so they'll remove the infections.
     
