dslreports logo
 story category
March 8 D-Day for DNSChanger Infected PCs
As FBI Tries to Tackle Pervasive Scumware

Two months ago law enforcement in Estonia shut down a massive Internet traffic hijacking scheme that used the latest versions of DNSChanger Trojans to hijack search results while blocking victims from visiting security sites. According to security researcher Brian Krebs, DNS Changer remains on computers at 50% of Fortune 500 companies, and on PCs at nearly 50% of all federal government agencies.

Click for full size
The good news? Krebs notes that after the shutdown law enforcement was able to replace the scumware's DNS infrastructure with legitimate DNS servers. The bad news? Those DNS servers stop working on March 8:
quote:
Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan’s DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.
The FBI's effort to put DNSChanger to bed has resulted in some fairly silly headlines, such as "FBI might shutdown the Internet on March 8." While the date might not be apocalyptic, it's certainly going to be a busy one for ISP support reps unless the DNSChanger Working Group can somehow get the deadline extended.

Most recommended from 54 comments



n2jtx
join:2001-01-13
Glen Head, NY

3 recommendations

n2jtx

Member

Half?!?!?

This article needs to be rephrased. The statement "roughly half of the computers running at both Fortune 500 companies and government agencies are infected with the malware" is incorrect. From the original article, it says "found evidence of at least one DNSChanger infection in computers at half of all Fortune 500 firms, and 27 out of 55 major government entities". Quite a difference!