ESET Detected A Flaw In Windows That Makes It Hard To Tackle DNS Hijacking
Created: 2016-06-03 03:21:35
ESET experts found a new version of the DNS Unlocker malware equipped with a unique capability to re-configure DNS settings on the victim’s computer.
DNS Unlocker belongs among so called Potentially Unwanted Applications; its purpose is to display advertisements to the victim. Typically, a computer user affected by DNS Unlocker will see advertisements with a note at the bottom like “Ads by DNS Unlocker” and multiple variations of “support scam” pop-ups.
DNS Unlocker belongs among so called Potentially Unwanted Applications; its purpose is to display advertisements to the victim. Typically, a computer user affected by DNS Unlocker will see advertisements with a note at the bottom like “Ads by DNS Unlocker” and multiple variations of “support scam” pop-ups.
“DNS hijacking is not that damaging – in comparison to, say, ransomware – and it has always been easy to fix. With the new variant of DNS Unlocker, the latter is no longer true,” comments James Rodewald, ESET Malware Removal Support Supervisor.
ESET experts have found that this DNS Unlocker is able to trick Windows into displaying a different DNS configuration from what it had set as default.
ESET experts have found that this DNS Unlocker is able to trick Windows into displaying a different DNS configuration from what it had set as default.
“Within the graphical interface, it appears that you are using an automatically assigned DNS server address when in fact you are using the static ones. In short, this is a DNS hijack which forces the use of hidden DNS servers. This makes the issue quite difficult to solve for typical users,” says James Rodewald.
ESET experts analyzed the trick and identified the underlying issue with how Windows handle these DNS addresses and sent the details to Microsoft on May 10th 2016. The Microsoft Security Response Center (MSRC) acknowledged the problem, but, unfortunately, did not classify it as a security vulnerability. “As modifying the registry requires administrative privileges, we do not consider this to meet the bar for security servicing through MSRC”, the reasoning reads.
ESET experts analyzed the trick and identified the underlying issue with how Windows handle these DNS addresses and sent the details to Microsoft on May 10th 2016. The Microsoft Security Response Center (MSRC) acknowledged the problem, but, unfortunately, did not classify it as a security vulnerability. “As modifying the registry requires administrative privileges, we do not consider this to meet the bar for security servicing through MSRC”, the reasoning reads.
“Hopefully, Microsoft will address this issue in future versions of Windows. Until then, users should be aware of the possibility of DNS hijacking,” comments Marc-Etienne Léveillé, an ESET Malware Researcher who participated in the research.
ESET experts came up with a set of preventive measures and also with tips for remediation.
- Don’t surf the web with administrator’s privileges; use them only where necessary
- If you see unexpected advertisements, especially if they offer a “Ads by DNS Unlocker” badge or similar, check your DNS settings in the advanced pane of TCP/IP settings
- If you see a pop-up window with some kind of offer for support, be extremely wary and prior to any other actions, check your DNS settings
- If in any doubt about DNS settings, you can remove the bad DNS entries from the DNS tab of the Advanced TCP/IP Settings page. Scan your computer with ESET Online Scanner to remove the DNS Unlocker malware and to make it stop tampering with your DNS settings.
- Follow all basic rules for the safe use of the internet, including having a quality security solution; ESET Smart Security fully protects from the DNS Unlocker.
ESET experts came up with a set of preventive measures and also with tips for remediation.
- Don’t surf the web with administrator’s privileges; use them only where necessary
- If you see unexpected advertisements, especially if they offer a “Ads by DNS Unlocker” badge or similar, check your DNS settings in the advanced pane of TCP/IP settings
- If you see a pop-up window with some kind of offer for support, be extremely wary and prior to any other actions, check your DNS settings
- If in any doubt about DNS settings, you can remove the bad DNS entries from the DNS tab of the Advanced TCP/IP Settings page. Scan your computer with ESET Online Scanner to remove the DNS Unlocker malware and to make it stop tampering with your DNS settings.
- Follow all basic rules for the safe use of the internet, including having a quality security solution; ESET Smart Security fully protects from the DNS Unlocker.
About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organisations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.
ESET recently updated its two-factor authentication (2FA) application, adding a secure validation to weak and static user passwords. This updated version of ESET’s 2FA application provides flexibility and deeper integration of 2FA into bespoke applications, making it the best cost-effective solutions for SMBs everywhere.
The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. For more information visit https://eset.version-2.sg/ or follow us on Facebook.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
Version 2 Limited.
For more information, please visit www.version-2.com.sg or call (65) 6296-4268.
Join ESET at Facebook