
Malware installing rogue DHCP server

SANS published an entry about a new piece of malware that installs a rogue DHCP server that specifies a rogue DNS server, presumably for phishing and malware deployment. I wouldn't be surprised if this concept is fairly old, but it appears to be the first time a common piece of malware is using this method. Frankly, I'm surprised we haven't seen malware install DHCP servers and specify itself as the gateway, allowing for sniffing of non-HTTPS traffic from other clients on the same network.

Read more: http://isc.sans.org/diary.html?storyid=6025
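
For spotting this on a network, the sketch below is an added example (not code from this post or from the SANS diary) that parses the UDP payload of a DHCP reply and flags any server identifier, gateway or DNS server that is not on a site allowlist. The addresses, the `ALLOWED` table and the `build_reply` sample generator are assumptions made up for the demo; capturing the payloads is left to whatever sniffer you already use.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"           # DHCP magic cookie after the 236-byte BOOTP header
NAMES = {54: "DHCP server", 3: "gateway", 6: "DNS server"}   # option codes checked

def parse_options(payload):
    """Return {option code: value bytes} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def check_reply(payload, allowed):
    """List addresses in a DHCPOFFER/DHCPACK that are not in allowed[option code]."""
    opts = parse_options(payload)
    if (opts.get(53) or b"\x00")[0] not in (2, 5):     # 2 = OFFER, 5 = ACK
        return []
    findings = []
    for code, name in NAMES.items():
        value = opts.get(code, b"")
        for j in range(0, len(value) - 3, 4):          # each address is 4 bytes
            ip = str(ipaddress.IPv4Address(value[j:j + 4]))
            if ip not in allowed[code]:
                findings.append(f"unexpected {name} {ip}")
    return findings

def build_reply(msg_type, server, router, dns):
    """Constructed sample reply for the demo (not captured traffic)."""
    pack = lambda addrs: b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    opts = bytes([53, 1, msg_type])
    for code, addrs in ((54, [server]), (3, [router]), (6, dns)):
        opts += bytes([code, 4 * len(addrs)]) + pack(addrs)
    return b"\x02" + bytes(235) + MAGIC + opts + b"\xff"

ALLOWED = {54: {"192.0.2.1"}, 3: {"192.0.2.1"}, 6: {"192.0.2.53"}}   # assumed site values

if __name__ == "__main__":
    rogue = build_reply(5, "192.0.2.77", "192.0.2.1", ["198.51.100.9", "192.0.2.53"])
    print(check_reply(rogue, ALLOWED))
```
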

