dnsChange virus

Discussion in 'Virus Information' started by Øyvind Granberg, Nov 13, 2008.

  1. From: "Leythos" <>

    | If you had disabled UPNP, not used the default network subnet, not used
    | the default password or not provided the password to some program, it
    | could not have changed it.

    | Disable UPNP, change from to on the router,
    | change the password, update the firmware if possible.

    Flashing the FirmWare is not needed.

    As of yet, I have not heard of uPnP or other protocols being used to bypass authentication
    at TCP port 80. This trojan uses a luandry list of known default passwords.

    I don't think that changing the default IP address would help. Lets assume that you did
    and the default password was still in place. Nodes getting a DHCP lease would obtain the
    IP address of the Router and the trojan would still exploit the weak and known password.
    David H. Lipman, Nov 17, 2008
    1. Advertisements

  2. Øyvind Granberg

    Leythos Guest

    My suggestions date back ages. The malware, in the older days, would use
    the default subnet of and to attempt connections
    and then use the default passwords.

    Some tools like AOL use to publish would ask for the password and then
    configure the router - I had read about that being exploited because of
    Leythos, Nov 17, 2008
    1. Advertisements

  3. Øyvind Granberg

    Kayman Guest


    Kayman, Nov 17, 2008
  4. Øyvind Granberg

    Leythos Guest

    You make think it's funny, but there are people still being hacked by
    Leythos, Nov 17, 2008
  5. Øyvind Granberg

    ~BD~ Guest

    Congratulations, Øyvind - I'll bet that you are pleased! ;-)

    Btw - what is the equivalent English equivalent of your first name? I
    discovered that Øyvind is from the Old Norse name Eyvindr, which was derived
    from ey meaning "island" and vindr possibly meaning "victory" or "wind".
    Just wondering.

    ~BD~, Nov 18, 2008
  6. Øyvind Granberg

    BoaterDave Guest

    Hello Daid H Lipman :)

    This URL has recently come to my attention: http://www.ezlan.net/index.html#Wireless
    Its title is 'Networking for Home & SOHO'

    The ezlan.net site overall appears to have a great deal of useful
    information, yet I have never happened upon it before. I should be
    most grateful if you would confirm (or otherwise) that this is a
    genuine site and not 'a wolf in sheep's clothing'.

    If you do not know, I suspect you might know someone who does. ;)



    BoaterDave, Nov 20, 2008
  7. Well BD...

    You've got it almost right.
    In fact you've got it right.
    But I like to use an interpretation of my name where Øy- is a rewrite or
    modernization of old Norse Ey- meaning island.
    The second part is -vind,as you mentioned derived from windr, meaning wind.
    But the context of the name is probably the name of a warrior who swept
    across the islands like a wind.
    I think it sounds better! To be named after a warrior and not a breeze of
    light air :)

    There is, to my knowledge, a English equivalent, but the pronunciation is
    very close to the Russian name Ivan.


    Vennlig hilsen
    Øyvind Granberg

    Øyvind Granberg, Nov 22, 2008
  8. Øyvind Granberg

    ~BD~ Guest

    I assumed that you meant that there is NO English equivalent.
    Thanks for your explanation - I shall remember you as Ivan the Terrible!
    Or maybe Oyvan ........... if said with an Irish lilt!

    ~BD~, Nov 24, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.