New DNS Trojans attempt to hijack entire LAN

A new rash of Trojans has been detected that attempts to hijack entire local area networks (LAN) by masquerading as a DHCP server on the network. This allows the malware to set itself up as the domain name server (DNS). This will allow for the possibility for even hardened or non-Windows machines to be misdirected to visit malicious sites in order to exploit any vulnerabilities that they might have.

Johannes Ullrich, CTO of the SANS Internet Storm Center highlighted the danger of this attack vector to The Register. "This kind of malware is definitely dangerous because it affects systems that themselves are not vulnerable. So all you need is one system infected in the network and it will affect a lot of other non-vulnerable systems."

There are ways to mitigate this problem, such as switching to a manually assigned--also called static--IP configuration. However, with more workstations being laptops running off a wireless network nowadays, it translates into a rather annoying inconvenience. In addition, such a strategy will not work for large networks with thousands of machines.

As such, the recommendation is for the enterprise to identify dodgy domain name servers by monitoring connections for DNS requests to addresses those not approved for the network.

For more on this story:
- check out this article at The Register

Related Articles:
'Cloud-based' zombies available for as little as $299 per month
Taking security to the clouds
Hackers hide behind Olympics