<p>Actually, I have a story about this. For thise who don't want to read the whole thing, this is why you should always change your default passwords. </p>
<p>I had a user tell me he was getting weird web pages and pop-ups from all of the computers on his home network. While I was testing from a Linux netbook, I noticed pages like Google were getting re-directed, too. I checked his router's config and found that because the router's default login had never been changed, someone who got access to his network through a Trojan had managed to reconfigure his network to use rogue DNS servers. Once I corrected it (and changed the password), everything went back to normal. The scary thing is that all of the computers just showed the router as their DNS server, so it would have been impossible to tell had I not checked the router on a hunch. He had already wiped his two PCs before he had me check things out, so this turned out to be a tactic that persisted and evaded extreme anti-malware measures. </p>
<p>Things keep getting more interesting as tech advances.</p>
<p>- Dan</p>
<p>Sent from mobile.</p>
<div class="gmail_quote">On Apr 20, 2012 7:49 PM, "matti" <<a href="mailto:mathew_2000@yahoo.com">mathew_2000@yahoo.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
Hi,<br>
<br>
Wow, this is actually an interesting story:<br>
<br>
<br>
Summary - Hijackers compromise windows systems, redirecting them to rogue DNS<br>
servers, and substituting ads ( and who knows what else ) in the legitimate websites<br>
and generate $$ from those ads.<br>
<br>
Authorities counter:<br>
<br>
Paul Vixie installed clean DNS servers to take place of Rogue DNS Servers after authorities<br>
<br>
dismantled hijacker ring<br>
<br>
( yes, this is why DNSSEC is good idea ;)<br>
<br>
<br>
<br>
"Hundreds of thousands may lose Internet in July"<br>
<br>
<a href="http://news.yahoo.com/hundreds-thousands-may-lose-internet-july-181324701--finance.html" target="_blank">http://news.yahoo.com/hundreds-thousands-may-lose-internet-july-181324701--finance.html</a><br>
<br>
..<br>
Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system.<br>
The DNS system is a network of servers that translates a web address — such as <a href="http://www.ap.org" target="_blank">www.ap.org</a> — into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.<br>
The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.<br>
When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie's clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.<br>
..<br>
<br>
thanks<br>
matti<br>
<br>
</blockquote></div>