With the growth of "clean DNS" services (primarily OpenDNS, which boasts over 10 million users), it was only a matter of time before scammers would catch on.
Enter Trusted-DNS, a service which purports to provide a "clean DNS". In fact, it's a DNS changer that will likely redirect users to bad sites.
Looking at the download, we see some interesting things. It starts off by calling GetAdaptersInfo, which is used to check the current DNS settings.
Other strings and functions it uses include:
00402040 - DnsFlushResolverCache
00402058 - dnsapi
00402060 - DhcpNotifyConfigChange
00402078 - dhcpcsvc
00402084 - DhcpNameServer
00402094 - NameServer
004020A0 - SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%s
0040219A - SHSetValueA
004021A6 - SHLWAPI.dll
004021B4 - GetAdaptersInfo
004021C4 - iphlpapi.dll
004021D4 - _snprintf
004021DE - ntdll.dll
004021E8 - WS2_32.dll
And so on.
Alex Eckelberry
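The strings listed above name the per-interface NameServer and DhcpNameServer registry values that hold a machine's resolvers. As an added example (not part of the original post), this Python script audits saved `reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" /s` output and reports any resolver that is not on an approved list; the sample output, GUIDs, addresses and the APPROVED set are constructed assumptions.

```python
import re

# Constructed sample of `reg query ...\Tcpip\Parameters\Interfaces /s` output.
# GUIDs and addresses are made up (private and RFC 5737 documentation ranges).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}
    EnableDHCP    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    192.168.1.1
    NameServer    REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222}
    EnableDHCP    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    192.168.1.1
    NameServer    REG_SZ    203.0.113.10,203.0.113.11
"""

APPROVED = {"192.168.1.1"}  # assumption: the resolvers this site expects

# A non-empty static NameServer takes precedence over the DHCP-supplied value,
# so both values are checked.
WATCHED = ("NameServer", "DhcpNameServer")
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_interfaces(text):
    """Return {interface_guid: {value_name: [dns servers]}}."""
    result, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            # Last path component of the key line is the interface GUID.
            current = result.setdefault(line.rstrip().rsplit("\\", 1)[-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None and m.group(1) in WATCHED:
            # Server lists may be comma- or space-separated.
            current[m.group(1)] = [s for s in re.split(r"[,\s]+", m.group(3)) if s]
    return result

def audit(text, approved):
    """List (interface, value_name, server) for every resolver not approved."""
    findings = []
    for iface, values in parse_interfaces(text).items():
        for name in WATCHED:
            for server in values.get(name, []):
                if server not in approved:
                    findings.append((iface, name, server))
    return findings

if __name__ == "__main__":
    for iface, name, server in audit(SAMPLE, APPROVED):
        print(f"unexpected resolver {server} in {name} on {iface}")
```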