Thursday , March 4 2021
Home / News / New DNS Unlocker malware untraceable as it changes DNS server settings
New DNS Unlocker malware untraceable as it changes DNS server settings

New DNS Unlocker malware untraceable as it changes DNS server settings

A new set of clever malware and adware have been observed, and they are capable of making changes so as not to be detected by the DNS settings of an infected device. This is according to researchers from the security firm, ESET.

One of the threats that are doing this is the DNS Unlocker, something that the researchers over at ESET says should be regarded as potentially unwanted application. The malware manages to change the DNS settings on the infected computer and after puts malicious DNS servers which then put a corrupt JavaScript code. After this, the cyber attackers can then change the ads shown on the computer by companies such as Google and in the end, they put up new ads they want and which will help generate more income.

The DNS Unlocker malware has been ever present for some time now, and there are various articles available on the world wide web which indicate all the various ways you can use to remove the malware. An example is a Microsoft help article which was published back in August 2015, and the user was advised to reconfigure the IPv4, which is present in the Windows control panel tab. This way, the DNS server will be activated automatically. But ESET claims that this method might not bring the desired results anymore because users who attempt to access the IPv4 settings in the Windows Control panel tab will notice that the DNS servers are already being searched for automatically.

The researchers discovered that the malware was clever in that it hid its changes because it made corrections in the registry, a place where every network adapter have a NameServer. This is where users can see the value of the DNS and set a static DNS. When users put the DNS controls manually, they are stored in the file registry as lists, and each of them is separated by a comma. If the static addresses are put manually, they can be modified, and the changes will not be shown if the comma is replaced with space. This way if adding DNS addresses manually and leaving a space between the lists is one of the ways which gives hackers the chance to hijack the DNS settings and not leave any trace behind. This is one of the major problems that companies and individuals with remote setup will face.

Another way to remove the unwanted and rogue DNS addresses is also available. After clicking on the IPv4 tab in the control panel, if you go to the advanced settings tab, you can see the DNS server addresses as they are separated by space just like in the registry. In normal instances, they should be listed one under another. From here users can remove the rogue addresses, and their computers will be functioning well again.

ESET reported the flaw on May 10, after discovering it to Microsoft. The tech giant replied that they understood it was an issue, and they would try to cover it up with upcoming updates to the new operating software, but unfortunately they won’t treat it as a security threat. ESET discovered that the DNS Unlocker malware has been active since December 2015. The researchers said that the flaw was apparently on all versions of the Windows operating software and also said that the flaw would still work even if the comma was replaced with a semicolon instead of space.

About Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master degree and actively writes about crybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of SpyAdvice.com, too, a site dedicated to educating people on online privacy and spying.
@AliR1272

Check Also

Unblock Facebook at School

Russia to Target Facebook After Attack on Telegram

Following the mass-blocking of millions of IP addresses in the battle against Telegram, Roskomnadzor, the …

Leave a Reply

Your email address will not be published. Required fields are marked *