
DNS change via default passwords malware

  • 05-05-2015 1:11pm
    #1
    Closed Accounts Posts: 1,322 ✭✭✭


    Seen this being used in a new malware that changes the DNS entry on your router based on default usernames and passwords for routers, they then dump you to one of those call me now the entire world is up inside your anus alerts via the DNS repoint.

    https://www.youtube.com/watch?v=tNjy91g2Rak
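
A defender-side check for the DNS repoint described in the opening post, as an added example that is not part of the original thread: it reads resolv.conf-style text (what a DHCP client writes from the router's settings) and flags every resolver outside an expected set. The expected resolver, the LAN range and the sample file are constructed assumptions.

```python
import ipaddress

# Assumptions (constructed): the resolver this network should use and its LAN range.
EXPECTED_RESOLVERS = {"192.168.1.1"}
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample of what a DHCP client might write after the router's DNS was changed.
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
nameserver 198.51.100.7
nameserver 192.168.1.1
nameserver 192.168.1.66
nameserver 127.0.0.53
nameserver not-an-ip
search home
"""

def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit_resolvers(text, expected=EXPECTED_RESOLVERS, lan=LAN):
    """Return (address, reason) for every resolver that is not expected."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for raw in parse_nameservers(text):
        try:
            ip = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((raw, "unparseable"))
            continue
        if ip in expected_ips:
            continue
        if ip.is_loopback:
            reason = "local-stub"   # a local caching stub; check its upstream too
        elif ip in lan:
            reason = "on-lan"       # another LAN host is answering DNS
        else:
            reason = "off-lan"      # the repoint pattern: resolver outside the network
        findings.append((raw, reason))
    return findings

if __name__ == "__main__":
    for addr, reason in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{addr}: {reason}")
```
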


Comments

  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    dbit wrote: »
    Seen this being used in a new malware that changes the DNS entry on your router based on default usernames and passwords for routers, they then dump you to one of those call me now the entire world is up inside your anus alerts via the DNS repoint.

    https://www.youtube.com/watch?v=tNjy91g2Rak

    That's both kind of cool, and a bit terrifying.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Ye I have worked on my evil twin understanding and engineered an eircom router page with JPGs, a bit of CSS, PHP and SQL. I can now successfully social engineer the WPA keys from Vodafone, eircom and Sky routers using Kali airodump, airbase and aireplay, a little tunnel and redirect to my bogus pages. (Dumps keys then to local MySQL)

    It was fun but if the malware families are attacking from inside out things are going to get messier.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    The Lizard Squad heads did use this to build the DDoS platform:
    http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    dbit wrote: »
    the lizard Squad

    Their attempt at taking over the Tor network by renting a heap of cloud computing was the sh*ttiest piece of "pwnage" I have ever seen in my life.

    "I haxd 127.0.0.1!!!!"


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Khannie wrote: »
    Their attempt at taking over the Tor network by renting a heap of cloud computing was the sh*ttiest piece of "pwnage" I have ever seen in my life.

    "I haxd 127.0.0.1!!!!"

    Lulz ye they got nabbed when they started to spin up servers on Google Cloud with stolen credit card numbers shire ffs. No tact at all.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Just to look out for some nasty DNS at the mo :-

