Can the Symantec Endpoint Protection client detect the "DNSChanger" virus?

Article:TECH182966  |  Created: 2012-03-04  |  Updated: 2013-09-17  |  Article URL http://www.symantec.com/docs/TECH182966
Article Type
Technical Solution

Product(s)

Environment

Issue



Can Symantec Endpoint Protection (SEP) detect the virus "DNSChanger"?


Solution



SEP can detect DNS Changer, which Symantec detects under the name Trojan.Flush.K. Update the computer's AntiVirus definitions to include protection against the latest known variants.

Symantec Endpoint Protection and Symantec AntiVirus are not able to restore the DNS configuration.
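Because the DNS configuration is not restored, the resolver settings have to be reviewed separately. The following is an added example, not Symantec code: it parses English-language `ipconfig /all` output and reports DNS servers that fall inside a list of rogue ranges. The sample output is constructed and the ranges are documentation placeholders; the real rogue ranges must come from an authoritative source such as the FBI document linked on this page.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation networks), NOT real DNSChanger
# ranges; substitute the published rogue ranges before using this.
ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/24"]

# Constructed sample of English-language `ipconfig /all` output.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 203.0.113.9
"""

def _ip(text):
    """Parse an address (IPv6 zone id stripped); None if it is not one."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Return (adapter, address) pairs, following continuation lines."""
    found, adapter, in_dns = [], None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():       # unindented = adapter header
            adapter, in_dns = line.strip().rstrip(":"), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        # Additional servers appear alone on the indented lines that follow.
        ip = _ip(m.group(1)) if m else (_ip(line) if in_dns else None)
        in_dns = ip is not None
        if ip is not None:
            found.append((adapter, ip))
    return found

def rogue_resolvers(ipconfig_text, rogue_ranges=ROGUE_RANGES):
    """Return (adapter, address) for each DNS server inside a rogue range."""
    nets = [ipaddress.ip_network(r) for r in rogue_ranges]
    return [(a, str(ip)) for a, ip in dns_servers(ipconfig_text)
            if any(ip.version == n.version and ip in n for n in nets)]
```

An empty result only means that no configured resolver matched the supplied ranges; resolvers handed out by a router via DHCP still need the router's own settings checked.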

More detailed information about this virus can be found in:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-011811-1222-99
http://www.symantec.com/security_response/writeup.jsp?docid=2007-011811-1222-99&tabid=2


Further information can be found in the Security Response Blog article "DNSChanger Fraud Ring Busted".

 

Additional resources

The following links are provided for convenience.  Symantec is not affiliated with these sites and these links should not be construed as an official endorsement.

Check to See if Your Computer is Using Rogue DNS

https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

Information about the DNS-Changer (Federal Bureau of Investigation)
http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf


To test whether your system(s) are affected by DNS Changer, you can check the DNS configuration on, for example, the following websites:

Anti-Botnet
http://dns-changer.eu/

Deutsche Telekom / Bundesamt fuer Sicherheit in der Informationstechnik (Federal Office for Security in Information Technology)
http://www.dns-ok.de/
 




