With the growth of “clean DNS” services (primarily OpenDNS, which boasts over 10 million users), it was only a matter of time before scammers would catch on.

Enter Trusted-DNS, a service which purports to provide a “clean DNS”. In fact, it’s a DNS changer that will likely redirect users to bad sites.

Looking at the download, we see some interesting things. It starts off by calling GetAdaptersInfo, which is used to check the current DNS settings.

Other strings and functions it uses include:

00402040 – DnsFlushResolverCache
00402058 – dnsapi
00402060 – DhcpNotifyConfigChange
00402078 – dhcpcsvc
00402084 – DhcpNameServer
00402094 – NameServer
004020A0 – SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%s
0040219A – SHSetValueA
004021A6 – SHLWAPI.dll
004021B4 – GetAdaptersInfo
004021C4 – iphlpapi.dll
004021D4 – _snprintf
004021DE – ntdll.dll
004021E8 – WS2_32.dll

And so on.
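For static triage of similar files, the strings listed above can be grouped into a simple heuristic. This is an added example, not code from the sample or from the original post; the group names, the "all groups must match" rule and the sample byte blobs are assumptions constructed for illustration.

```python
import re

# Indicator groups built from the strings listed above. The grouping and the
# "every group must hit" rule are assumptions of this example, not a signature.
INDICATORS = {
    "enumerate_adapters": [b"GetAdaptersInfo"],
    "per_interface_key": [b"Tcpip\\Parameters\\Interfaces"],
    "dns_values": [b"DhcpNameServer", b"NameServer"],
    "apply_change": [b"DhcpNotifyConfigChange", b"DnsFlushResolverCache"],
}

def extract_strings(data, min_len=4):
    """Return printable ASCII and UTF-16LE strings found in a byte blob."""
    narrow = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return narrow + [w[::2] for w in wide]  # drop the NUL high bytes

def triage(data):
    """Report which indicator groups appear; flag only if all of them do."""
    strings = [s.lower() for s in extract_strings(data)]
    hits = {}
    for group, needles in INDICATORS.items():
        found = sorted(n.decode() for n in needles
                       if any(n.lower() in s for s in strings))
        if found:
            hits[group] = found
    return {"hits": hits, "suspicious": len(hits) == len(INDICATORS)}

# Constructed samples (not bytes from the real file).
_KEY = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\%s"
SAMPLE_DNSCHANGER = b"\x00".join([
    b"GetAdaptersInfo", b"DhcpNameServer", b"NameServer",
    b"DhcpNotifyConfigChange", b"DnsFlushResolverCache",
]) + b"\x00\x00" + _KEY.encode("utf-16-le")
SAMPLE_BENIGN = b"\x00".join([b"GetAdaptersInfo", b"DnsFlushResolverCache"])

if __name__ == "__main__":
    for name, blob in [("dnschanger", SAMPLE_DNSCHANGER), ("benign", SAMPLE_BENIGN)]:
        print(name, triage(blob))
```

A legitimate VPN client or network configuration tool can match all four groups too, so a hit is a reason to look closer, not a verdict.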

