Win32/Rbrute
Win32/Rbrute is a component of Sality. It is used to change the DNS settings on affected routers, which lets criminals force computer users to visit certain websites with a high degree of success. Win32/Rbrute represents a significant threat that should be taken seriously. Sality has been operative for more than ten years, which is an amazingly long period when it comes to computers and computer security. In recent months, criminals have started to add different components and functionality to Sality. Win32/Rbrute is one of these components, released in the Fall of 2013, and it allows Sality to hijack Web activity by changing the DNS settings of the victim's router.
The Presence of Win32/Rbrute may Endanger Your DNS Settings
PC security researchers have been studying Win32/Rbrute since October of 2013, when Win32/Rbrute was first detected in Russia. Win32/Rbrute will first search the Web for different router models, including the brands Cisco, D-Link, Huawei, TP-Link and ZTE. The models that are most vulnerable and targeted are those by TP-Link. When Win32/Rbrute identifies one of these routers, Win32/Rbrute downloads a list of unsafe IP addresses and then attempts to attack the router's administration module using a brute force attempt. To carry out this brute force attempt, Win32/Rbrute downloads a list of commonly used passwords such as 'qwerty,' '12345,' 'admin,' and 'password.' This highlights the need to use strong passwords to protect your router and to change the default password to something safer. If Win32/Rbrute manages to gain access to the router, Win32/Rbrute changes the affected router's DNS server data.
Why Win32/Rbrute Should be Erased Immediately from Your Computer
Win32/Rbrute changes the victims' DNS settings because this attack lets criminals control what the computer user views without the computer user or their security software being alerted. For example, when computer users type in the address for Google or Facebook, the modified router takes the affected Web browser to a fake version of the Google or Facebook pages, where the PC user is induced to enter a password. This allows third parties to collect the victims' passwords for these and other websites.
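Because the changed DNS servers are handed to every computer behind the router, one way to spot the tampering described above is to compare the resolvers a PC has actually received with the ones the network is supposed to use. The following check is an added example, not part of the original article or of any vendor's tool; the sample `ipconfig /all` text, the addresses and the function names are constructed assumptions.

```python
import ipaddress
import re
# Constructed sample of `ipconfig /all` output, not captured from a real host.
SAMPLE = """\
Ethernet adapter Ethernet:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
# Assumption: the resolvers this network is meant to use.
EXPECTED = {"192.168.1.1", "198.51.100.10"}
FIELD = re.compile(r"^\s+(.+?)[ .]*: (.*)$")  # "   Label . . . : value"

def _ip(text):
    """Parse an address (dropping any IPv6 zone id); None if not an address."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False
            result[adapter] = []
            continue
        field = FIELD.match(line)
        if field:  # a new labelled field ends any DNS server list
            in_dns = field.group(1) == "DNS Servers"
        addr = _ip(field.group(2) if field else line)  # else: continuation line
        if adapter and in_dns and addr is not None:
            result[adapter].append(str(addr))
    return result

def unexpected_resolvers(text, expected=EXPECTED):
    """Return {adapter: [configured resolvers that are not expected]}."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {}
    for adapter, servers in dns_servers_by_adapter(text).items():
        bad = [s for s in servers if ipaddress.ip_address(s) not in allowed]
        if bad:
            report[adapter] = bad
    return report
```

A router that relays DNS requests itself still appears on the PC under its own address, so the DNS servers shown on the router's administration page should be compared against the same expected list.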