Trojan:Win32/Alureon.gen!J


First posted on 07 May 2019.
Source: Microsoft

Aliases:

There are no other names known for Trojan:Win32/Alureon.gen!J.

Explanation:

Win32/Alureon.gen!J is a trojan that attempts to modify the DNS settings on network routers. When executed, the malware gathers information on the network interfaces of the infected machine and uses this to determine the IP address of the router and of the DHCP server on the network, if any. If an IP address is obtained, the malware attempts to open an HTTP connection and retrieve the router's default configuration page or any one of the following pages (which correspond to the web-based configuration pages of common router models):

/index.asp
/dlink/hwiz.html
/home.asp
/wizard.htm

The malware then attempts to authenticate itself on the router using a list of commonly used and default credentials. If successful, it attempts to alter the DNS settings on the router. It then checks that this succeeded by performing a DNS query for the domain "infersearch.com" and verifying that the IP address returned is 69.50.190.107. The malware also posts information to the IP address 216.255.186.238.

Analysis by Ray Roberts
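The behaviour described above leaves three observable traces on the network: an internal host fetching router configuration pages on the gateway, a DNS answer for infersearch.com that equals 69.50.190.107, and an HTTP POST to 216.255.186.238. The following script is an added detection example, not part of the original Microsoft description; the indicator values come from the description, while the event line format, the gateway set and the sample events are constructed for illustration. It also shows a config-audit check that compares a router's configured DNS servers against an allowlist, which is the most direct way to confirm whether the DNS settings were actually altered.

```python
"""Detection helpers for the Win32/Alureon.gen!J behaviour described above.

Indicator values (config page paths, check domain, expected hijacked answer,
post-back IP) come from the Microsoft description. The log format, the
gateway set and the sample lines are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass

ROUTER_CONFIG_PAGES = {"/index.asp", "/dlink/hwiz.html", "/home.asp", "/wizard.htm"}
CHECK_DOMAIN = "infersearch.com"
HIJACK_DNS_ANSWER = "69.50.190.107"
POST_BACK_IP = "216.255.186.238"


@dataclass(frozen=True)
class Alert:
    src: str       # internal host that produced the event
    reason: str    # short detection label
    evidence: str  # the matched field(s)


def scan(lines, gateways):
    """Scan whitespace-separated event lines and return matching Alerts.

    Hypothetical line format: '<src_ip> <dst_ip> HTTP <method> <path>'
    or '<src_ip> <dst_ip> DNS <qname> <answer_ip>'. Malformed lines are skipped.
    """
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        src, dst, kind, a, b = parts
        if kind == "HTTP":
            method, path = a.upper(), b
            # 1. An internal host fetching one of the router admin pages on a gateway.
            if dst in gateways and path in ROUTER_CONFIG_PAGES:
                alerts.append(Alert(src, "router-config-page", f"{method} {dst}{path}"))
            # 3. Post-back to the IP named in the description.
            elif dst == POST_BACK_IP and method == "POST":
                alerts.append(Alert(src, "post-to-known-ip", f"POST {dst}{path}"))
        elif kind == "DNS":
            qname, answer = a.lower(), b
            # 2. The malware's own success check: infersearch.com -> 69.50.190.107.
            if qname == CHECK_DOMAIN and answer == HIJACK_DNS_ANSWER:
                alerts.append(Alert(src, "dns-hijack-check", f"{qname} -> {answer}"))
    return alerts


def suspect_hosts(alerts):
    """Hosts showing at least two distinct indicator types; a single admin
    legitimately opening the router UI produces only one and is not flagged."""
    reasons = defaultdict(set)
    for alert in alerts:
        reasons[alert.src].add(alert.reason)
    return {host for host, rs in reasons.items() if len(rs) >= 2}


def unexpected_dns_servers(configured, allowed):
    """Compare a router's configured DNS servers (e.g. collected during a
    periodic config audit) against an allowlist; return those not allowed."""
    return [ip for ip in configured if ip not in allowed]


# Constructed sample events: host .23 behaves like the trojan, host .40 is benign.
SAMPLE_LOG = """\
192.168.1.23 192.168.1.1 HTTP GET /index.asp
192.168.1.23 192.168.1.1 HTTP GET /dlink/hwiz.html
192.168.1.23 192.168.1.1 HTTP POST /wizard.htm
192.168.1.23 192.168.1.1 DNS infersearch.com 69.50.190.107
192.168.1.23 216.255.186.238 HTTP POST /
192.168.1.40 192.168.1.1 HTTP GET /status.htm
192.168.1.40 192.168.1.1 DNS example.com 203.0.113.5
malformed line
""".splitlines()
GATEWAYS = {"192.168.1.1"}  # assumed gateway address(es) for the monitored segment

if __name__ == "__main__":
    found = scan(SAMPLE_LOG, GATEWAYS)
    for alert in found:
        print(f"{alert.src}: {alert.reason} ({alert.evidence})")
    print("suspect hosts:", sorted(suspect_hosts(found)))
    print("unexpected router DNS:",
          unexpected_dns_servers(["69.50.190.107", "192.0.2.53"], {"192.0.2.53"}))
```

The correlation in suspect_hosts is deliberate: requests to router admin pages alone are common on a network with an administrator, so a host is only flagged when it shows more than one of the three indicator types. The DNS allowlist check is independent of traffic logs and is what to run first when a router is suspected of having been reconfigured.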

Last update 07 May 2019
