
Trojan:W32/DNSChanger.ARNF


First posted on 12 December 2008.
Source: SecurityHome

Aliases :

There are no other names known for Trojan:W32/DNSChanger.ARNF.

Explanation :

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. The program is often started by the user, and it does not usually replicate.

This malicious software is dropped onto the system by Trojan-Dropper:W32/Agent.FLN. It is used to change the DNS settings on a system so that information such as passwords and credit card details can be retrieved.

Installation

During installation, this malware creates the following files:

  • c:\autorun.inf
    contains the autostart routine for c:\resycled\boot.com
  • c:\resycled\boot.com
    detected as Trojan:W32/DNSChanger.ARNF

It also creates this directory:

  • c:\resycled

Execution

Once installed, this malware attempts to connect to a website via HTTP POST:

  • http://94.247.2.104/[...]/generator

It is capable of changing the DNS settings in the machine to:

  • 85.255.115.237
  • 85.255.112.201
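
The following triage check is an added example, not part of the original description: it scans saved `ipconfig /all` output and an `autorun.inf` file collected from a suspect machine for the DNS servers and the dropped file named above. The function names and both sample artifacts are constructed for illustration; the malware's real `autorun.inf` contents are not given on this page.

```python
import ipaddress
import re

ROGUE_DNS = {"85.255.115.237", "85.255.112.201"}  # from the description above
DROPPED_PATH = r"resycled\boot.com"

def dns_servers(ipconfig_text):
    """Return every DNS server listed in `ipconfig /all` output, in order."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep:  # "Label . . . : value" starts a new field
            in_dns = label.strip().startswith("DNS Servers")
        candidate = (value if sep else line).strip()  # bare line = continuation
        if in_dns and candidate:
            try:
                servers.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                in_dns = False  # not an address: the DNS field has ended
    return servers

def autorun_targets(inf_text):
    """Return the commands an autorun.inf would launch from its [AutoRun] section."""
    targets, section = [], ""
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if re.fullmatch(r"open|shellexecute|shell\\[^\\]+\\command", key.lower()):
                targets.append(value)
    return targets

def triage(ipconfig_text, inf_text):
    """List every indicator from this description found in the two artifacts."""
    hits = [f"rogue DNS server {ip}" for ip in dns_servers(ipconfig_text) if ip in ROGUE_DNS]
    for cmd in autorun_targets(inf_text):
        if DROPPED_PATH in cmd.lower().replace("/", "\\"):
            hits.append(f"autorun.inf launches {cmd}")
    return hits

# Constructed sample artifacts (not captured from a real infection).
SAMPLE_IPCONFIG = """Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 85.255.115.237
                                       85.255.112.201
   Lease Obtained. . . . . . . . . . : Friday, December 12, 2008 10:00:00 AM
"""
SAMPLE_AUTORUN = "[AutoRun]\nopen=resycled\\boot.com\nshell\\open\\command=resycled\\boot.com\n"
print(triage(SAMPLE_IPCONFIG, SAMPLE_AUTORUN))
```

An empty result only means these specific indicators were not found in the two artifacts supplied.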

Last update 12 December 2008

 
