Phishing-based Trojans – Redirectors



Quote from: Phishing Activity Trends Report, Q1 2008
http://www.antiphishing.org/reports/apwg_report_Q1_2008.pdf

Definition: Crimeware code which is designed with the intent of
redirecting end-users’ network traffic to a location where it was not
intended to go to. This includes crimeware that changes hosts files
and other DNS-specific information, crimeware browser-helper objects
that redirect users to fraudulent sites, and crimeware that may
install a network level driver or filter to redirect users to
fraudulent locations. All of these must be installed with the
intention of compromising information which could lead to identity
theft or other credentials being taken with criminal intent.

Along with phishing-based keyloggers, we are seeing high increases in
traffic redirectors. In particular, the highest volume is in malicious
code which simply modifies your DNS server settings or your hosts file
to redirect either some specific DNS lookups or all DNS lookups to a
fraudulent DNS server. The fraudulent server replies with “good”
answers for most domains; however, when they want to direct you to a
fraudulent one, they simply modify their name server responses. This
is particularly effective because the attackers can redirect any of
the users' requests at any time and the end-users have very little
indication that this is happening as they could be typing in the
address on their own and not following an email or Instant Messaging
lure.

So, the question!

HOW can I (and others) check to make sure this is not happening?

TIA

Dave
XP Home SP3 Wireless connection to Netgear router (Broadband via phone
line)
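
One way to check for the two changes the quoted definition describes (hosts file entries and altered DNS server settings), as an added example that is not part of the original post. The sample hosts file, the sample "ipconfig /all" excerpt and the function names are constructed for illustration, and the expected resolver (the router at 192.168.0.1) is an assumption.

```python
import ipaddress
import re

# Constructed sample inputs; on a real machine use the hosts file and "ipconfig /all".
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.45    www.examplebank.test   # constructed redirect entry
0.0.0.0         ads.tracker.test
"""
SAMPLE_IPCONFIG = """\
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 198.51.100.7
                                            192.168.0.1
        Lease Obtained. . . . . . . . . . : (constructed)
"""

def audit_hosts(text):
    """Return (ip, hostname) pairs that point a name at a non-local address."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        # Loopback and 0.0.0.0 entries sink a name; anything else redirects it.
        if not (ip.is_loopback or ip.is_unspecified):
            findings.extend((str(ip), name.lower()) for name in fields[1:])
    return findings

def dns_servers(ipconfig_text):
    """Collect resolver addresses, including the indented continuation lines."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        m = re.search(r"DNS Servers[ .]*:\s*(\S*)", line)
        if not (m or collecting):
            continue
        try:
            servers.append(str(ipaddress.ip_address(m.group(1) if m else line.strip())))
            collecting = True
        except ValueError:
            collecting = False
    return servers

def unexpected_dns(ipconfig_text, expected):
    """Return configured resolvers that are not in the set you expect."""
    return [s for s in dns_servers(ipconfig_text) if s not in expected]
```

On Windows XP the hosts file is %SystemRoot%\system32\drivers\etc\hosts; any entry reported by audit_hosts, or any resolver reported by unexpected_dns that is neither the router nor one the ISP assigns, is worth investigating.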