http://voices.washingtonpost.com/securityfix/2008/12/a_scary_twist_in_malware_evil-.html?nav=rss_blog
Looking this thing over, it appears that I'm right to be suspicious of wifi hotspots. The server could be working fine, but apparently, someone with an infected Winbox is all it would take to make this exploit happen. The article mentions that DNSChanger only works on Windows and Apple, but in theory, since one infected machine is acting as a relay, anything including cell phones set to search for wifi hot spots (truly platform agnostic) can be duped.

So, naturally, I have some questions, and I think you guys will have the answers.

1) So DNSChanger basically sets up a wifi source. Under Linux, when I try to connect wirelessly under Fedora or Ubuntu, a list pops up of available signals, as well as whether or not they are secure. Will this dummy transmitter reveal itself in this list? Or, if I, say, go to Panera Bread and see two wifi signals for Panera instead of one, is this my cue to simply stay off the Internet, period? (As the saying goes, if you can't be sure, be careful. It's a jungle out there.) Also, if the signal is secure, is that a good sign that that signal is not the DNSChanger one?

2) My bookmarks, homepage settings, etc. One of the comments notes that domain names can be used to carry out the hijack, but using the actual numeric IP address circumvents this (i.e. a VPN network that goes by IP address instead of domain name). Is that true? And if so, does my browser store this information as a domain name or numeric IP address?

3) For Mac users like my dad -- the trojan is disguised as a plug-in that has to be downloaded for the browser to function. Does this mean, like in the case of Java or Flash, that the best course of action is to simply point the browser to the web site home of the plug-in (Sun or Adobe) and download it directly from them?

4) One commenter in the article says Linux users can avoid this problem by blocking unknown DNS servers or by running with limited privileges. Wouldn't the signal include something to make it not unknown (or, if you are going someplace you've never been before, wouldn't that potentially make a legit signal unknown)? And for limited privileges, would I just create a new user account and restrict the living daylights out of it, and that should prevent the problem? (I can see that helping under Windows with preventing installation, but not as far as the wifi signal being transmitted and intercepted.) Would that really work under Linux?

I guess this is a good enough list for starters. I apologize if some of this is self-evident.
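Two of the questions above (whether a bookmark points at a name or at an address, and what "blocking unknown DNS servers" means in practice) can be made concrete with a small check. The following is an added example written for this thread, not code from the article or from the poster: it parses resolv.conf-style text, flags any nameserver outside an allowlist of networks the user chooses to trust, and classifies whether a URL's host part is a literal IP address or a hostname that still has to be resolved. The sample resolv.conf contents, the allowlist and the URLs are constructed for the demonstration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of /etc/resolv.conf contents (not taken from a real machine).
# The second nameserver is a documentation-range address standing in for
# "some resolver I did not configure".
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.lan
nameserver 192.168.1.1
nameserver 203.0.113.77
"""

# Constructed allowlist: networks whose resolvers the user chooses to trust.
TRUSTED_RESOLVER_NETWORKS = ["192.168.0.0/16", "10.0.0.0/8"]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # skip malformed entries rather than crash
    return servers


def unexpected_nameservers(resolv_conf_text, allowed_networks):
    """Return nameservers (as strings) that fall outside every allowed network.

    This is the "block unknown DNS servers" idea as a detection: a resolver
    that is not on a network you expect is worth a second look before use.
    """
    allowed = [ipaddress.ip_network(n, strict=False) for n in allowed_networks]
    return [
        str(server)
        for server in parse_nameservers(resolv_conf_text)
        if not any(server in net for net in allowed)
    ]


def bookmark_target_kind(url):
    """Classify a bookmark/homepage URL as 'ip', 'hostname' or 'none'.

    A hostname must go through DNS and so depends on whichever resolver the
    system currently trusts; a literal IP address does not need a lookup.
    """
    host = urlsplit(url).hostname
    if host is None:
        return "none"
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "hostname"


if __name__ == "__main__":
    # Run the checks over the constructed sample so the script works offline.
    print("Unexpected resolvers:",
          unexpected_nameservers(SAMPLE_RESOLV_CONF, TRUSTED_RESOLVER_NETWORKS))
    for url in ("https://www.example.com/", "http://10.0.0.5:8080/", "mailto:x"):
        print(url, "->", bookmark_target_kind(url))
```

On a real Linux machine, replacing `SAMPLE_RESOLV_CONF` with the contents of `/etc/resolv.conf` and tailoring the allowlist to your own network turns this into a quick post-connection sanity check; the hostname-versus-IP classifier answers the bookmark question directly: browsers store whatever you typed, so a bookmark saved as a name is still resolved through the current nameservers every time.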
