Extenbro DNS-Changer Used in Adware Campaign

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A recently observed DNS-changer Trojan is being used in an adware campaign to prevent users from accessing security-related websites, Malwarebytes reveals.

While the tactic isn’t new, this threat features some additional tricks and the actors behind this attack have been known to use aggressive techniques in the past. In this instance, they simply attempt to prevent users from removing their adware from the compromised systems.

Dubbed Extenbro, the Trojan is delivered via a bundler. Once on the compromised device, the malware changes the DNS settings to prevent the system from accessing the websites of security vendors. Users can only notice the addition of four DNS servers by heading to the Advanced DNS tab in Windows.

To ensure that the DNS changes live past computer reboots, the malware creates a randomly-named Scheduled Task that points to a fixed-location folder, Malwarebytes reveals.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top