
Trojan:BAT/Dnschanger.B


First posted on 26 April 2010.
Source: SecurityHome

Aliases :

Trojan:BAT/Dnschanger.B is also known as Win-Trojan/Dnschanger.861696 (AhnLab), Trojan.BAT.DNSChanger.a (Kaspersky), Dnschanger.HKVP (Norman), BDS/Aacl.A (Avira), BAT.DnsChange.2 (Dr.Web), BAT/DNSChanger.A (ESET), DNSChanger!dr (McAfee), Troj/DNSChan-MX (Sophos), Trojan.Batnari (Sybari), TROJ_DNSCHNG.J (Trend Micro).

Explanation :

Trojan:BAT/Dnschanger.B is a trojan that changes the computer's DNS settings. It may arrive bundled with an application that modifies the iPhone.

Trojan:BAT/Dnschanger.B is a DNS-changing trojan that arrives bundled with an application to modify the iPhone. The bundling serves as social engineering to entice users to download the application along with the trojan.

Installation :

Trojan:BAT/Dnschanger.B arrives as a self-extracting Win32 CAB file. When run, it drops and executes the following files in the Windows Temporary Files folder:

  • blackr~1.exe - the accompanying application
  • br.exe - detected as Trojan:BAT/Dnschanger.B

Payload :

Changes DNS server

Trojan:BAT/Dnschanger.B changes the computer's DNS server to 188.210.236.250 for the following default Internet connection names:

  • LAN
  • LAN 1
  • LAN 2
  • Local Area Connection
  • Local Area Connection 1
  • Local Area Connection 2
  • WAN
  • WAN 1
  • WAN 2
  • Wireless Network Connection
  • Wireless Network Connection 1
  • Wireless Network Connection 2
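
To check a host for the DNS change described above, the following added example (not part of the original analysis) parses the text of `netsh interface ip show dns` and reports every connection whose resolver list contains 188.210.236.250. The sample output is constructed, and the output layout it relies on is an assumption of this example.

```python
import re

ROGUE_DNS = {"188.210.236.250"}  # DNS server named in this write-up

# Constructed sample of `netsh interface ip show dns` output (not from a real host).
SAMPLE = '''
Configuration for interface "Local Area Connection"
    Statically Configured DNS Servers:    188.210.236.250
    Register with which suffix:           Primary only

Configuration for interface "Wireless Network Connection"
    DNS servers configured through DHCP:  192.168.1.1
                                          188.210.236.250
    Register with which suffix:           Primary only

Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers:    None
    Register with which suffix:           Primary only
'''

IFACE_RE = re.compile(r'^Configuration for interface "(.+)"\s*$')
DNS_RE = re.compile(
    r'^\s*(Statically Configured DNS Servers|DNS servers configured through DHCP):\s*(\S*)')
IP_RE = re.compile(r'^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$')

def find_rogue_dns(netsh_text, rogue=ROGUE_DNS):
    """Return sorted (interface, server, source) tuples for resolvers listed in `rogue`."""
    hits, iface, source = set(), None, None
    for line in netsh_text.splitlines():
        m = IFACE_RE.match(line)
        if m:                                  # start of a new connection block
            iface, source = m.group(1), None
            continue
        m = DNS_RE.match(line)
        cont = IP_RE.match(line) if source else None
        if m:                                  # first server sits on the label line
            source = "static" if m.group(1).startswith("Statically") else "dhcp"
            server = m.group(2)
        elif cont:                             # further servers follow on bare lines
            server = cont.group(1)
        else:                                  # any other line ends the server list
            source = None
            continue
        if server in rogue:
            hits.add((iface, server, source))
    return sorted(hits)
```

On a live system, pass the captured command output to `find_rogue_dns` in place of `SAMPLE`; the `source` field shows whether the address was set statically on the connection or handed out by DHCP.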

Analysis by Marian Radu

Last update 26 April 2010
