
SANS ISC: InfoSec Handlers Diary Blog



T-Mobile G1 handsets having DNS problems?

Published: 2008-11-25
Last Updated: 2008-11-25 21:00:19 UTC
by Andre Ludwig (Version: 1)

John Kuhn sent in the following links, which are of some interest.
http://forums.t-mobile.com/tmbl/board/message?board.id=Android3&thread.id=19618

http://androidcommunity.com/forums/f7/browser-hijacked-help-8057/

John, of course, has impeccable timing, given my previous diary entry on OS X-based DNS changers. Given the lack of solid data to pinpoint the issues these users are observing, we cannot come to any definitive conclusion. If you have a G1 and have been experiencing these issues, feel free to contact us with whatever information you have. We would be curious to see whether this is an infrastructure issue (DNS poisoning comes to mind), some installed application that has a hidden surprise, or previously owned home Wi-Fi routers.

Since information is so spotty at this time, it may be that the users seeing this issue are using wireless routers that were previously owned by Zlob variants (see link below). Unfortunately, musing and conjecture serve us little to no good in determining what is going on right now. Hopefully we will get some firm data on this situation so we can put creativity aside and address whatever is going on.

Brian Krebs's article on Zlob changing home router settings:

http://voices.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
