The Latest in IT Security

Virus faking DHCP Server widely raging in businesses’ networks

22
Sep
2011

Recently, users in many businesses’ networks find they suddenly cannot access any websites. Instead, they see a request to update their browsers.

On clicking “Bowser update”, a “program” is supposed to be downloaded to “update” users’ browsers.

This is indeed a virus.

LANs with such problems all have at least 1 computer infected with W32. Gatpaz.Worm. This virus imitates DHCP server, sends configuration information to clients to replace their DNS addresses with hacker’s server. Then, when the infected computers attempt to connect to the Internet, users will be redirected to phishing websites crafted by hacker.
Only LANs using DHCP Server for dynamic IP address assignment are affected.

In this IP address assignment model, each LAN is equipped with one DHCP server which is in charge of managing and assigning IPs to its clients. When a certain client needs an IP address to connect to the Internet, it broadcasts a message saying DHCPDISCOVER across the network. Upon receiving the message, DHCP server will process and allocate the client an IP address. The broadcasting process is where hacker exploits to build a fake DHCP server, provided Gatpaz has been successfully installed on any client of the network. Besides allocating IP address to the client, the fake DHCP Server changes the client’s DNS Server into hacker’s one. The hacker then gets the total control of users’ accessing websites.

To completely solve such phenomenon that viruses destroy businesses’ networks, Bkav recommends that a comprehensive enterprise antivirus solution be employed.

Analyst: Ngo Anh Huy – Bkav R&D

Leave a reply


Categories

SATURDAY, SEPTEMBER 21, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks