Wsearch.net on Rogers: All That mygateway.net and 503 Jazz

November 27, 2008 by kris  
Filed under Internet

Earlier, I went away from the sports world to talk about the ridiculousness of wsearch.net.

Here is the answer:

There’s a trojan out there for both Windows & Mac OS X that uses various techniques to gain access to a user’s system. It can be in a trojan (zlob) or disguised as a video codec for QuickTime.

Inside, it contains a list of default logins and passwords for various routers. Seeing as how Rogers really doesn’t get you to change the password on their routers, and it works fine out of the box, very few people change their passwords.

The virus looks at its list of passwords and logins and goes to town until it gets it right.

Once it gets it correct, it sets a crontab within OS X, and then notifies its own server.

The REASON why there is no predictable pattern behind when it decides to reroute you is that it relies on your internet connection and how the i-web works. If a URL isn’t cached, it’ll query the DNS server, which is your router, which will look at the search domain when shit gets slow. Ta da: the search domain shoots your computer back a message telling you that google.com is located at xxx.xxx.xxx.xxx

WHILE ONLY ONE MACHINE ON YOUR NETWORK, WHETHER WIRELESS OR NOT, MAY BE AFFECTED — YOUR ENTIRE NETWORK IS AT RISK

So you must first GET RID of DNSCHANGER using whatever spyware removal tool you enjoy.

Then, you must change the router’s default login and password so that it’s not the default. Rogers SMC default login: cusadmin and password: password

Then, just for the hell of it, use the OpenDNS servers.

use http://www.topherkris.com/2008/11/rogers-canada-and-smc-modems-kill-babies-wsearchnet-and-mygatewaynet/


http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html

Rogers Canada and SMC Modems Kill Babies: wsearch.net and mygateway.net

November 4, 2008 by kris  
Filed under Internet

SMC Wireless Modem

wsearch.net and mygateway.net

So Rogers Canada went out and bought a bunch of fancy SMC Wireless modems to provide to their already frustrated client base, which seemed quite nice. No longer would you have to go out and purchase your own Wireless Router to connect to your Rogers Modem.


Unfortunately, SMC routers have an issue that no one seems to understand. After logging into the SMC router located at 192.168.0.1 (or some variant) you can type in the SMC default login: cusadmin and password: password and you’ll be brought to their navigation screen (if you’ve set a password, use that).

To the left you’ll see where the SMC Wireless Router has decided to incorporate its own search domain. This is a problem, a big problem. While the majority of the time you’ll be redirected to wsearch.net, it opens up the door for other serious issues. Wsearch.net as far as I can tell doesn’t implement malware into any of its pop-ups, but that could change pretty easily. A Whois shows this:

DOMAIN NAME: WSEARCH.NET

REGISTRANT: Transure Enterprise Ltd

Host Master (hostmaster@transureent.com)

Mill Mall Suite 6 PO BOX 3085 Wickhams Cay 1 Road Town

Tortola

Tortola, 3085

TEL: 1.5016482820

using PNS1.TRELLIAN.COM

I’m somewhat worried that this isn’t coming from around these parts. It’s actually coming from the British Virgin Islands! Lovely. I’m not certain if this only affects SMC routers where the default username and password haven’t been changed, but it’s clearly a problem, so I’d say:

  1. Change the password of your SMC Wireless Router to something temporary
  2. Go in, and change the search domain to something from opendns.com
  3. Let the router restart, and reset your password to something new, that you can remember.
  4. Pray

Alternatively, a quick workaround is as follows:

  1. Open up a command terminal located in Programs -> Accessories -> Command Prompt
  2. Type in ipconfig to obtain your wireless IP and gateway (if your IP is 192.168.0.5, your gateway should be 192.168.0.1)
  3. Enter into your wireless properties, and set your IP as STATIC rather than Dynamic
  4. Fill in your IP and Gateway
  5. Manually enter the OpenDNS DNS servers into the two available sections
  6. Click Okay and then renew your wireless adapter if it doesn’t automatically attempt to reconnect
  7. This should work, and while you may have to change it back to DHCP every once in a while, following these steps should eliminate the need for your computer to contact the router for DNS information
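
A check to confirm the workaround above took effect, as an added example that is not part of the original post: it parses `ipconfig /all` output and flags the search domains named here and any DNS server that is not OpenDNS. The sample output is constructed, and the OpenDNS resolver addresses (208.67.222.222 and 208.67.220.220) are supplied by this example rather than by the post.

```python
import re

# Search domains named in the post; the OpenDNS resolver addresses are the
# publicly documented ones (supplied by this example, not by the post).
BAD_SUFFIXES = ("wsearch.net", "mygateway.net")
DOTTED = tuple("." + s for s in BAD_SUFFIXES)
OPENDNS = {"208.67.222.222", "208.67.220.220"}

# Constructed `ipconfig /all` excerpt: DHCP still hands out the router's settings.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : wsearch.net
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.5
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       208.67.222.222
"""

# "   Field name . . . : value" (the value may be empty)
FIELD = re.compile(r"^\s+(\S.*?)[ .]*:(?:\s+(.*))?$")

def parse_ipconfig(text):
    """Map each field name to its values; indented value-only lines continue a field."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = fields.setdefault(m.group(1), [])
            if m.group(2):
                current.append(m.group(2).strip())
        elif line.startswith(" ") and line.strip() and current is not None:
            current.append(line.strip())
        else:
            current = None  # blank line or adapter header ends the field
    return fields

def audit(text):
    """Return findings for hijacked search domains and non-OpenDNS resolvers."""
    findings = []
    for name, values in parse_ipconfig(text).items():
        for value in values:
            host = value.lower().rstrip(".")
            if "DNS Suffix" in name and ("." + host).endswith(DOTTED):
                findings.append(f"search domain {host} is set ({name})")
            elif name == "DNS Servers" and value not in OPENDNS:
                findings.append(f"DNS server {value} is not OpenDNS")
    return findings
```

Run `audit()` on saved `ipconfig /all` output before and after the change; an empty list means the adapter no longer uses the router's search domain or resolver.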