"Lil' Abner" <blvstk@dogpatch.com> wrote in
news:Xns9DCCF2C61E263butter@wefb973cbe498:
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
> news:i3i7s002u63@news6.newsguy.com:
>
>> From: "smurf" <smurf@smurf.com>
>>
>>| Spotted it today, a dg834g netgear router was accessed by some
>>| malicious software which followed a limewire download. The software
>>| logged onto the router (using default password) and changed dns
>>| settings from automatic to a set of manual addresses.
>>
>>| The consequence was, of say a google search, any link had a results5
>>| prefix.
>>
>>| The standard fix for results5 infections was the tdds killer etc, of
>>| course no good here as the source of the problem was the router.
>>
>>| Removed the dns addresses, changed the password on the router and
>>| flushed the dns cache of the connected machines.
>>
>>| First time come across this.
>>
>>
>> http://www.trustedsource.org/blog/42...an-hacks-into-routers
>>
>> http://www.pc1news.com/news/0017/war...an-modifies-wireless-router-settings.html
>>
>> http://vil.nai.com/vil/content/v_141841.htm
>
> OK, now you have *me* nervous. I had a problem earlier today with
> newegg.com getting redirected to dpbolvw.net. The latter is bad news
> and is blocked in my HOSTS file. So I got to reading this thread and
> decided to check my firewall settings in my D-Link 604 router.
> Look at http://mewnlite.com/di-604.gif
> The 4 circled items were not put there by me. The rest of them are all
> items I have listed under virtual server. According to what I've
> Googled, the legit Teredo has something to do with IPv6. The
> LIMExxxxxxxxx entries do not ring a bell with me - do they to anyone
> else?
OK. Since that post, I hooked up a spare router that was programmed
exactly the same as the original. The Teredo and Limexxxxx entries were
not there. So I hooked the original router back up and now the entries
are gone there too! OK, the LIMExxxxx entry made me wonder about
Limewire. I do have it installed but I haven't used it forever. So just
for kicks I started it up and sure enough the LIMExxxx entries showed
back up in my router. The Teredo ones did not. And when I shut Limewire
down the entry went away again.
So now I'm thoroughly confused. My router is protected with a very unique
password. How can an application change my settings so easily?
--
--- Everybody has a right to my opinion. ---

