Wsearch.net on Rogers: All That mygateway.net and 503 Jazz
Earlier, I went away from the sports world to talk about the ridiculousness of wsearch.net.
Here is the answer:
There’s a trojan out there for both Windows & Mac OS X that uses various techniques to gain access to a user’s system. It can arrive inside a trojan (Zlob) or disguised as a video codec for QuickTime.
Inside, it contains a list of default logins and passwords for various routers. Since Rogers really doesn’t get you to change the password on their routers, and they work fine out of the box, very few people change their passwords.
The virus looks at its list of passwords and logins and goes to town until it gets it right.
Once it gets it correct, it sets a crontab within OS X, and then notifies its own server.
The REASON there is no predictable pattern to when it decides to reroute you is that it relies on your internet connection and how the i-web works. If a URL isn’t cached, it’ll query the DNS server, which is your router, which will look at the search domain when shit gets slow. Ta da: the search domain shoots your computer back a message telling you that google.com is located at xxx.xxx.xxx.xxx
WHILE ONLY ONE MACHINE ON YOUR NETWORK, WHETHER WIRELESS OR NOT, MAY BE AFFECTED — YOUR ENTIRE NETWORK IS AT RISK
So you must first GET RID of DNSCHANGER using whatever spyware removal tool you enjoy.
Then, you must change the router’s default login and password so that it’s not the default. Rogers SMC default login: cusadmin and password: password
Then, just for the hell of it, use the open DNS servers.
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
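To check whether a machine is still picking up the rerouted settings after cleanup, here is an added example (not from the original post) that audits resolv.conf-style text for the wsearch.net search domain and for resolvers outside an expected set. The allow-list of OpenDNS resolver addresses, the function name and the sample config are assumptions made for the illustration.

```python
import ipaddress

# Search domain named in this post; extend with your own list.
SUSPICIOUS_SEARCH_DOMAINS = {"wsearch.net"}
# Assumed allow-list: the public OpenDNS resolvers.
ALLOWED_NAMESERVERS = {"208.67.222.222", "208.67.220.220"}
# RFC 1918 ranges: a resolver here is normally the local router.
LAN_RANGES = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, not captured from a real machine.
SAMPLE = """\
search wsearch.net
nameserver 192.168.0.1
nameserver 203.0.113.53
"""


def audit_resolv_conf(text):
    """Return (kind, value) findings for resolv.conf-style text."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        keyword, *values = line.split()
        if keyword in ("search", "domain"):
            for dom in values:
                d = dom.lower().rstrip(".")
                if any(d == bad or d.endswith("." + bad)
                       for bad in SUSPICIOUS_SEARCH_DOMAINS):
                    findings.append(("search-domain", d))
        elif keyword == "nameserver" and values:
            try:
                addr = ipaddress.ip_address(values[0])
            except ValueError:
                findings.append(("bad-nameserver", values[0]))
                continue
            if str(addr) in ALLOWED_NAMESERVERS:
                continue
            if addr.version == 4 and any(addr in net for net in LAN_RANGES):
                continue  # local router: verify its own DNS settings separately
            findings.append(("unexpected-nameserver", str(addr)))
    return findings

if __name__ == "__main__":
    for kind, value in audit_resolv_conf(SAMPLE):
        print(kind, value)
```

A LAN address passes this check because the router is the normal resolver, so the router's own DNS and search-domain settings still have to be checked on its admin page.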

