New Koobface Component: A DNS Changer
Aside from the new Twitter component we’ve also seen Koobface download a new component with the filename dns.exe, whose main purpose, it seems, is to modify the system’s DNS registry settings.
It is accomplished by inserting 213.174.139.72 (IP of the rogue DNS server) into the values of NameServer and DhcpNameServer found in the following registry key: [...]
Post from: TrendLabs | Malware Blog – by Trend Micro
New Koobface Component: A DNS Changer
