DNS threats identified following the transition to Cloudflare DNS settings.

bmarzano
Senior Member
449
07-28-2023, 02:09 PM
#1
I chose to move from Google's DNS to Cloudflare after watching Linus's Floatplane video. Within ten minutes, my computer identified and blocked a Trojan. A scan with Malwarebytes revealed a bitcoin miner (though I hadn’t scanned recently). Just browsing YouTube—was it a coincidence?

Little_Happy
Junior Member
6
07-29-2023, 06:03 PM
#2
Changing DNS providers from legitimate sources doesn’t automatically expose you to attacks unless the service itself is compromised. In such cases, they can only redirect you to a fake site, making it simpler to intercept requests (MITM) rather than taking control of the provider itself. Even then, attackers sometimes manage to remain undetected for a long time, especially if users aren’t vigilant. You’re likely encountering this through suspicious ads, unsafe websites, or unauthorized downloads.

Wildfox__
Member
89
07-29-2023, 08:22 PM
#3
I keep track of my computer's resources regularly since they're on my second mini. After the Trojan was found, I saw the CPU increase.

littleJ394
Junior Member
47
07-30-2023, 05:10 PM
#4
Switching DNS providers doesn't grant access to download and install apps, whether they're safe or not. In the worst case, you might land on a fake site that mimics the real one but is infected. Even then, Cloudflare as a service would have had its security at risk, though this is rare. It usually happens when you click or download something. Unless everyone else uses the computer, it could be someone else who interacted with it.

Pyromax33
Member
193
08-05-2023, 01:41 AM
#5
It seems strange that it occurred after changing the DNS while I was using only one YouTube account.

Windlander
Member
150
08-05-2023, 09:55 AM
#6
At the time the alert appeared, it didn't specify a location for the Trojan or Bitcoin miner's origin. Windows7ge noted that changing DNS providers wouldn't impact this, suggesting it might just be random. It's possible the threat involved downloading a malicious file or clicking on ads/scripts that triggered the AV detection after signature updates. Likely, someone accessed a site with suspicious content and inadvertently triggered the malware.

Gollum4545
Member
107
08-05-2023, 11:06 AM
#7
I understand your point, but according to others, the most likely outcome would be being sent to fake sites, which seems improbable for YouTube. Are you the only one using this computer or do others have access?

FancyMushroom
Member
157
08-05-2023, 11:45 AM
#8
It might help to scan other devices in your network to confirm no additional infected machines are involved. If you avoided a malicious site and Cloudflare redirected you to a suspicious page, the malware could be moving across your local network. The infection might have started on another system, which is a possibility. You may want to review the logs from Malwarebytes to identify the trojan and verify its details. It’s also possible the payload was scheduled, though this scenario is less likely. Do you remember the exact name of the malware? It should appear in your Malwarebytes logs. The lab’s detailed reports can clarify its behavior and spread method. Are you certain it wasn’t a false alarm?