Saturday, 4 June 2011

Malware runs own DHCP server

Researchers have discovered a variation of the TDSS rootkit that runs its own DHCP server. The upshot is that when computers on the network ask for their IP address and other network configuration details, they are sent unhelpful Domain Name System (DNS) settings.

The DNS settings direct the victims to a malicious webpage and block the rest of the web. The malicious page insists that the user install an application, which will attempt to infect the system. So one infection of TDSS on a network could turn into lots pretty fast.

More details are available at Kaspersky's Securelist.