Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Large Organizations Make Progress Towards Eradicating DNSChanger Malware

Tacoma, Washington-based IID (Internet Identity), a provider of Internet security technology and services, today said that it has seen a dramatic decrease in Fortune 500 companies and what it considers “major” U.S. federal agencies that are infected with DNSChanger malicious malware.

Tacoma, Washington-based IID (Internet Identity), a provider of Internet security technology and services, today said that it has seen a dramatic decrease in Fortune 500 companies and what it considers “major” U.S. federal agencies that are infected with DNSChanger malicious malware.

In early February, SecurityWeek reported that approximately half of all Fortune 500 companies and major U.S. federal agencies were infected with DNSChanger malware.

By using its own internal data and sources from other security and Internet infrastructure organizations, IID now says at least 94 of all Fortune 500 companies and just three out of 55 major government entities had at least one computer or router that was infected with DNSChanger as of February 23, 2012.

In November 2011, the FBI and international authorities announced the disruption a massive cybercrime scheme that infected more than four million computers with DNSChanger Malware, malicious software that actively changes an infected system’s DNS resolution settings to use rogue servers that can redirect traffic to malicious servers and attempt to steal personal information and generate illegitimate ad revenue.

The sting, dubbed “Operation Ghost Click”, took down the cybercriminal operation which reportedly generated approximately $14 million for the cybercriminals over several years, and culminated with the arrest of six Estonian nationals.

In addition to the arrests, the rogue DNS servers operated by the cybercriminals were seized and replaced with legitimate servers for 120 days, at which time if the temporary servers were shut down, users infected with the DNSMalware would for the most part, be unable to use the Internet.

That looming deadline, originally set for March 8, has been extended by a Federal judge to July 9, 2012. But come July 9, computers and routers still infected with the malware will have no servers directing their DNS requests, and the Internet may literally go dark for people using those systems. (For a detailed background and analysis see the column, “The Day The Internet Will Break for Millions”.)

Enterprises and government agencies typically are able to control and access to their users’ machines, making it easier to clean them up, IID says. “So if this extension doesn’t help ISPs get ahead of this issue, it will make July 9th a very busy day at many ISP help desks around the country and the world.”

Advertisement. Scroll to continue reading.

“If places of business and government organizations can’t clean up their systems, what is being done to remediate residential systems?,” Kaspserky Lab’s Kurt Baumgartner asks.

Some ISPs including Comcast, have worked to notify customers about their infection through Splash pages on their Web browser and email notifications, but many more are still at risk.

In a blog post, Baumgartner highlights some ways that users can clean systems infected with the DNSChanger, including TDSSKiller, a free utility from Kaspersky that helps remove nasty malware and rootkits.

DNSChanger Malware

Organizations looking to see if DNSChanger is on their network can take advantage of free information from one of several organizations contributing to the effort to clean up infected machines. An list of organizations you can contact to get this information can be found at the DNS Changer Working Group website here.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Raj Dodhiawala has been named Chief Product Officer at Eclypsium.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.