DNSChanger Remains an Issue for Fortune 500

On July 9, the FBI will shut down the temporary servers that enable systems infected by the DNSChanger malware to access the Web. For most, the shutdown will mean nothing; however, that isn't the case for 60 companies within the Fortune 500.

According to IID, 12% of the Fortune 500 and 4% of the major U.S. government agencies will have some computers that go dark on July 9, because they still haven't cleaned their systems and removed the DNSChanger infection. It is unlikely that a large number of systems within any one Fortune 500 company are infected, though IID's numbers do mean that an infection is showing somewhere in the organization.

Since it arrived on the Web in 2006, DNSChanger has hit millions of systems. Fast-forward six years: six Estonians have been arrested for running DNSChanger, yet despite the best efforts of the FBI, the security community, and software vendors, more than 500,000 systems are still infected. Granted, this is a huge drop compared to the 4-6 million of previous years, but it is still a significant number.

The latest data from the DNSChanger Working Group shows that 303,867 IP addresses are infected. Of those, nearly 70,000 are in the U.S. Back in February of this year, IID's numbers showed that approximately half of the Fortune 500 and government organizations were infected, showing that significant progress has been made.

In May, Google said that it would start warning users if they show signs of being infected with DNSChanger. At that time, Google estimated the number of compromised hosts at 500,000. It is unknown how many warnings have been issued, or whether there has been a noticeable drop in infections since then.

Another issue is that while DNSChanger is no longer hijacking search results, it can still activate the anti-virus aspect of its programming. When enabled, DNSChanger disables anti-virus protection on an infected system, so if the system is targeted by secondary malware, there is nothing to stop that malware from downloading and installing.

Related: DNSChanger is a Wake-up Call for Enterprise & Government DNS Resolver Management

Related: The Day The Internet Will Break For Millions
