A worm can now take over DHCP and DNS servers, redirecting requests to locations that contain more malware.
Identified as Worm.Rorpian.E, it immediately seizes the DNS and DHCP servers. Because these are some of the most important services that control Internet connections, the worm can make sure every request is redirected to a single place, no matter what URL is in the address bar.
The malicious destination looks like an error page that alerts “Your browser is no longer supported. Please upgrade to a modern software,” according to a Malware City blog post.
It would be easy to believe this message and click on the “Browser update” button at the bottom of the screen because every single request takes you to the same site.
If the user clicks the update button, the system becomes further infected and the device acts as a DHCP server for the entire network of computers. To make everything more credible, the worm downloads a file called upbrowsers[date].exe, where the date is a variable that always matches the current date.
Once executed, the infection spreads even further, installing a TDSS rootkit that does even more damage to your device and your network.
Worm.Rorpian.E makes good use of some critical vulnerabilities and shared elements to spread.
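The two network behaviours described above, an unexpected machine answering as a DHCP server and every lookup landing on the same address, can be checked for in logs. The following is an added example, not code from the original article; the log formats, addresses, threshold and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the original article). Addresses come from
# private/documentation ranges; both record formats are assumptions.
AUTHORIZED_DHCP = {"10.0.0.1"}
DHCP_OFFERS = [  # (client MAC, IP of the server that sent the offer)
    ("aa:bb:cc:00:00:01", "10.0.0.1"),
    ("aa:bb:cc:00:00:02", "10.0.0.57"),
    ("aa:bb:cc:00:00:03", "10.0.0.57"),
]
DNS_LOG = """\
10.0.0.21 example.com 203.0.113.9
10.0.0.21 example.org 203.0.113.9
10.0.0.21 example.net 203.0.113.9
10.0.0.21 mail.example.edu 203.0.113.9
10.0.0.30 example.com 192.0.2.10
10.0.0.30 example.org 198.51.100.7
10.0.0.30 example.net 192.0.2.44
"""  # one line per answer: client IP, queried name, returned address

def rogue_dhcp_servers(offers, authorized):
    """Return {server_ip: sorted client MACs} for offers from unlisted servers."""
    rogue = defaultdict(set)
    for mac, server in offers:
        if server not in authorized:
            rogue[server].add(mac)
    return {s: sorted(m) for s, m in rogue.items()}

def single_destination_clients(log_text, min_domains=4):
    """Return {client: ip} where every answer the client received was the same
    address across at least min_domains distinct names."""
    seen = defaultdict(lambda: (set(), set()))  # client -> (names, answers)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, answer = parts
        names, answers = seen[client]
        names.add(name.lower().rstrip("."))
        answers.add(answer)
    return {c: next(iter(a)) for c, (n, a) in seen.items()
            if len(n) >= min_domains and len(a) == 1}

if __name__ == "__main__":
    print(rogue_dhcp_servers(DHCP_OFFERS, AUTHORIZED_DHCP))
    print(single_destination_clients(DNS_LOG))
```

Captive portals and DNS sinkholes also return one address for many names, so a hit from the second check is a lead to correlate with the DHCP result rather than a verdict.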