View Full Version : DNSChanger Trojan update



aeromed202
April 22nd, 2012, 19:32
DNSChanger Trojan


Saw an article about this in the paper today. Don't know how much might be hype about a simple problem, but it might also be one of those insidious sleeper-type things. It apparently mostly affects large business systems. Below is the reason for the information update, copied from the FBI website...


Update on March 12, 2012: To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time.

And from Gizmodo...

The DNSChanger Trojan originated in Estonia and might be lurking undetected on as many as a half-million computers in the United States, according to Brian Krebs. It has been found on the computers at half of all Fortune 500 companies and at 27 government agencies. The Trojan changes an infected computer's DNS settings to send users to fraudulent websites. What's more, the worm is particularly malicious in that it also prevents you from visiting security websites that might diagnose or fix the problem. While the men authorities suspect are behind the Trojan have been arrested, the Feds, working in concert with the Estonian government, have yet to put the final kill on the worm's botnet.
That's where the Internet shutdown comes in. The FBI has a court order allowing it to set up temporary replacement DNS servers so that those with infected computers or networks can get the worm off of their systems. The court order, however, expires on March 8th. Unless that order gets extended, anybody who hasn't cleaned up their act before it expires might get cut off from the Internet altogether.


Below are some links for more detail. Searching revealed numerous sites about the story and many cited DCWG for help in fixing the problem.


For the story... http://www.fbi.gov/news/stories/2011/november/malware_110911


For the fix... http://www.dcwg.org/detect/

Dain Arns
April 23rd, 2012, 05:53
Saw this on the morning news.
Checked all of my systems, everything is clean.
Thanks for posting the link.

arfyhun
April 23rd, 2012, 11:38
Thank you for the info, I appear clean too.