How to build a base for Trojan Horse security in a vro?

Trojan in the router !? It sounds impossible, but it does. Researchers reported that a Trojan horse known as "zlob" (also known as dnschanger) has been found to attack the victim's internet router and monitor the victim's network traffic; even more worried, the researchers tested 31 different anti-virus software and showed that only 11 Anti-Virus products can detect the trojan virus.

It is reported that if the user opens the IE browser will automatically load the asecurityassurance.com website, most of them will be infected with this trojan, as shown in 1. After the victim's Windows system is infected, zlob trojan tries to guess the combination of the router's username and password. If it succeeds, the trojan will change the DNS of the victim's router, so that all network traffic can be monitored.

Figure 1 Website

Speaking of this, some friends may not bother: What if I know the traffic? What if I try to guess the vro user name and password? Changing the account password and default IP address between vrouters does not leave a chance for these Trojans.

Indeed, when the vro itself has many built-in security features, this type of Trojan virus does not play much role, and its current malicious traffic monitoring behavior will not cause much harm. In fact, we should think like this: is it indicating the beginning of a new round of Security Attack and Defense trends when routers are infiltrated by Trojans? I believe you will never forget the CIH virus of the year. It is one of the most sinister viruses discovered so far! It not only damages the boot zone and partition table of the hard disk, but also damages the system program in the Flash BIOS chip of the computer system, resulting in damage to the motherboard (as shown in Figure 2 ). But at the beginning, how could a "program" damage the hardware system?

Figure 2 symptoms of infection

It makes sense to say that virus Trojans always come before anti-virus software. When anti-virus software is boasting about how powerful it is, another new virus is quietly brewing and spreading! Today, we believe that zlob Trojans will not "make a difference" when attacking the router, but it is difficult to protect it as a breakthrough to implement a more destructive DNS hijacking attack.

"Do not use simple birthdate and regular letter numbers for passwords". "Be sure to check the system for viruses, fix vulnerabilities, and upgrade patches at any time ", "Always be vigilant about using the Internet "..... We do not know how many times we have heard of these things. Why are Trojan viruses still common? Why do many computers suffer from viruses?

The carrier of the user's computer is also required for the destruction of Trojans to Routers. The previous CIH virus is also the same. Therefore, in any case, the security of the user's computer is the cornerstone of the building. The necessary security measures must be taken. install anti-virus software and pay attention to updates (discard pirated and cracked versions !) Strengthen security inspection on the local machine, and enhance security protection for all devices associated with the network. However, if you only use the hardest baseline stone and do not use the best cement to bond, the effect will be compromised. Therefore, I insist that, personal Internet habits, computer habits, and awareness of network security can directly affect the probability of Trojan viruses intrude into the system. From the perspective of my QQ online payment for more than 1600 days and broadband Internet access fees paid for nearly 1000 days, I have paid more attention to the prevention of network security risks. So far, CIH has not affected me, and Nimda has not affected me. Although the computer has changed to 4 generations, reinstalling the system, saving hard disk files, and so on, it is basically impossible to find a few headaches caused by viruses.

Finally, what kind of summary should we make? The message about zlob Trojan attacking the vro makes me scream here. What I want to express is not to blame the security performance of the vro, nor to blame the ambition of anti-virus software for being so slow, but to worry, if the user still uses "1234567" as the password, will the user be attacked next.

1. Enhance vro Security Protection
2. The famous technology blog reveals why Microsoft successfully invested in Facebook
3. Nine steps to protect Intranet security through Routers