Crouching Tiger, Hidden DNS

Discussion in 'malware problems & news' started by Minimalist, Jun 2, 2016.

  1. Minimalist

    http://www.welivesecurity.com/2016/06/02/crouching-tiger-hidden-dns/
     
  2. itman

    Easiest way to prevent crud like this is to use a firewall that monitors outbound connections. Then create an outbound rule for port 53 TCP/UDP with remote IP addresses set to the DNS servers you use. Make sure to also include the IPv6 addresses if your ISP is using it.
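
One way to check that the outbound port 53 rule described above is holding, as an added example that is not part of the original post: it scans a firewall log for outbound DNS traffic to any address outside your resolver list, IPv4 and IPv6 alike. The Windows Firewall `pfirewall.log` layout, the resolver addresses and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the resolvers you have chosen to use (constructed sample values).
ALLOWED_RESOLVERS = {
    ipaddress.ip_address(a) for a in ("192.168.1.1", "2001:db8::53")
}

# Constructed sample, laid out like a Windows Firewall pfirewall.log (assumed format).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2016-06-02 10:15:01 ALLOW UDP 192.168.1.10 192.168.1.1 53124 53 0 - - - - - - - SEND
2016-06-02 10:15:02 ALLOW UDP 192.168.1.10 203.0.113.7 53125 53 0 - - - - - - - SEND
2016-06-02 10:15:03 ALLOW TCP 192.168.1.10 198.51.100.20 49201 443 0 - 0 0 0 - - - SEND
2016-06-02 10:15:04 ALLOW UDP 2001:db8::10 2001:db8::53 53126 53 0 - - - - - - - SEND
2016-06-02 10:15:05 DROP TCP 2001:db8::10 2001:db8:ffff::1 49202 53 0 - 0 0 0 - - - SEND
2016-06-02 10:15:06 ALLOW UDP 192.168.1.1 192.168.1.10 53 53124 0 - - - - - - - RECEIVE
"""


def rogue_dns_flows(log_text, allowed=ALLOWED_RESOLVERS):
    """Return outbound port-53 records whose destination is not an allowed resolver."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log's own header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        # Only outbound DNS matters here: sent packets to remote port 53, TCP or UDP.
        if rec.get("path") != "SEND" or rec.get("dst-port") != "53":
            continue
        if rec.get("protocol") not in ("TCP", "UDP"):
            continue
        try:
            dst = ipaddress.ip_address(rec["dst-ip"])
        except (KeyError, ValueError):
            continue  # malformed record, skip it
        if dst not in allowed:
            hits.append((rec["date"], rec["time"], rec["action"],
                         rec["protocol"], str(dst)))
    return hits


if __name__ == "__main__":
    for hit in rogue_dns_flows(SAMPLE_LOG):
        print(*hit)
```

An ALLOW hit means the rule is missing or too broad; a DROP hit means the rule worked and something on the machine is trying to reach a resolver you did not configure.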
     
  3. Rasheed187

    Isn't monitoring the registry keys related to the DNS settings enough to stop this?