Crouching Tiger, Hidden DNS

Minimalist · Jun 2, 2016

While this attack might not sound that interesting and may even seem simple to fix, what if it were not easily visible to the user? What if there was a way to set static DNS entries so that the Primary and Secondary DNS servers did not show up in the expected area in the GUI? Worse yet, your settings would say you were using DHCP, as you would expect to see, when you were not. This is exactly what has been done by a recent Potentially Unwanted Application (PUA) named DNS Unlocker and by a few other threats as well.
Click to expand...

http://www.welivesecurity.com/2016/06/02/crouching-tiger-hidden-dns/

itman · Jun 2, 2016

Easiest way to prevent crud like this is to use a firewall that monitors outbound connections. Then create an outbound rule for port 53 TCP/UDP with remote IP addresses set to the DNS servers you use. Make sure to also include the IPv6 addresses if your ISP is using it.

Rasheed187 · Jun 5, 2016

Isn't monitoring the registry keys related to the DNS settings enough to stop this?

Log in or Sign up

Crouching Tiger, Hidden DNS

Minimalist Registered Member

itman Registered Member

Rasheed187 Registered Member

Log in or Sign up

Crouching Tiger, Hidden DNS

Minimalist Registered Member

itman Registered Member

Rasheed187 Registered Member

Useful Searches