Trojan.IStartSurf

By CagedTech in Trojans

Translate To:

The Extenbro Trojan, also detected as Trojan.IStartSurf, is a newly found DNS hijacking Trojan capable of swapping genuine DNS servers managed by a real ISP with rogue ones managed by malware actors. By doing so, Extenbro/Trojan.IStartSurf prevents targeted PC users from accessing AV software solutions, which may be needed for removing annoying adware tools planted by the DNS changer beforehand. The redirection from clean to compromised DNS servers is dependent upon successful neutralization of the IPv6 protocol.

DNS Changers have been in circulation since late-2011 when the FBI neutralized a slew of rogue DNS servers that communicated with PCs already taken hold of by a DNS Changer. When redirected to a rogue DNS changer, the PC user’s machine is bound to stay offline for good unless redirected to uncompromised DNS servers.

The goal pursued by malware actors using DNS-changing malware is to flood targeted users with endless streams of adware pop-ups and click baits, which could throw them into the deep end of greater malware threats potentially. The prospect of such an outcome is quite real for many pop-up advertisements that are designed to trick people into performing a series of page clicks, which may lead to one or more forms of threatening software landing on their machines. To achieve this malware escalation, the actors in charge need to block the PC user’s access to any anti-malware vendors. Since a DNS Changer is capable of locking anyone out of their Internet connection, the Extenbro/Trojan.IStartSurf can be used to do just that. Instead of blocking everything, however, Extenrbo’s usurpers have reduced their targets to four DNS servers, namely:

- 45.86.180.227
- 185.162.93.213
- 116.203.6.218
- 185.130.104.222

The servers mentioned above can only be seen in the Advanced TCP/IP Settings Tab. Even though an infected user can remove them one by one, they resurface upon system reboot thanks to a task scheduler planted deep into the User’s AppData directory. Last but not least, Extenbro embeds a root certificate right into the Windows Certificate Store. Infected users willing to overcome the DNS barrier put up by the Extenbro/Trojan.IStartSurf malware needs to search out the DNS servers used by their Internet Service Providers (ISPs) or seek specialized help.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan.IStartSurf

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen