Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

DNSChanger Remains an Issue for Fortune 500

On July 9, the FBI will shutdown the temporary servers that enable systems infected by the DNSChanger malware to access the Web. For most, the shutdown will mean nothing; however that isn’t the case for 60 companies within the Fortune 500.

DNSChanger Malware

On July 9, the FBI will shutdown the temporary servers that enable systems infected by the DNSChanger malware to access the Web. For most, the shutdown will mean nothing; however that isn’t the case for 60 companies within the Fortune 500.

DNSChanger Malware

According to IID, 12% of the Fortune 500 and 4% of the major U.S. government agencies will have some computers that go dark on July 9, because they still haven’t cleaned their systems and removed the DNSChanger infection. The chances that a large number of systems within any of the Fortune 500 are infected are not likely, though IID’s numbers do mean that infection is showing somewhere in the organization.

Since it arrived to the Web in 2006, millions of systems were hit by DNSChanger. Fast-forward six years, and while six Estonians were arrested for running DNSChanger, despite the best efforts of the FBI, security community, and software vendors, more than 500,000 systems are still infected. Granted, this is a huge drop compared to the 4-6 million from years previous, but it is still a significant number.

The latest data from the DNSChanger Working Group shows that 303,867 IP addresses are infected. Of those, nearly 70,000 of them are in the U.S. Back in Feburary of this year, IIDs numbers showed that approximately half of the Forune 500 and Government organizations were infected, showing that significant progress has been made. 

In May, Google said that they would start warning users if they show signs of being infected DNSChanger. It is unknown how many warnings have been issued, or if there is a noticeable drop in infections since then, when they estimated the number of compromised hosts at 500,000.

Another issue is that while DNSChanger isn’t hijacking search results any longer, it can still activate the anti-virus aspect of its programming. When enabled, DNSChanger disables anti-virus protection on an infected system, so if a system is targeted by secondary malware, there is nothing to stop it from downloading and installing.

Related: DNSChanger is a Wake-up Call for Enterprise & Government DNS Resolver Management

Related: The Day The Internet Will Break For Millions

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights