D(NS) Day – Nobody home?
Article from Rik Ferguson, 9 July
Filed under: Bad guys always lose, countermeasures, malware, Opinion, Underground Economy, vulnerability | Tags: Apple, botnet, compromise, cybercrime, Denial of Service, DNS, government, malicious code, malware, microsoft, security, web

The DNSChanger malware modified the local DNS settings of an infected PC. This gave the criminals control over DNS resolution on the victim computer, so they could redirect it to any destination of their choice rather than, for example, the bank or search engine the user originally intended to visit.
 
The Esthosts gang used this ability primarily for click fraud, redirecting searches and sites to generate revenue by defrauding advertisers and advertising networks.
 
PCs which are still infected by the malware, or whose DNS settings were never corrected after the infection was cleaned up, are still sending their queries to those criminal servers. The FBI have been operating those servers since the warrant was executed, but their authority to do so has now expired and the servers will be shut down. Any queries from those 300,000 computers will then fall on deaf ears and, to all intents and purposes, the web will go dark for the affected users.
 
At the time when Trend Micro co-operated with the FBI in bringing the Esthosts gang to justice, we believed about 4 million PCs to be affected. This number has since dropped to about 300,000, which should be considered a success. However, with the definitive shut-off of the criminal DNS servers today, those 300,000 people face a potential total loss of web access.
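The practical question for a help desk is whether a machine's configured resolvers still point into the rogue ranges that are about to go dark. The following script is an added example, not code from the original post or from Trend Micro: it parses resolv.conf-style settings and flags resolvers inside a list of rogue netblocks. The two CIDRs and the sample configuration are constructed placeholders; the real DNSChanger resolver ranges published by the FBI would be substituted in.

```python
import ipaddress
import re

# Placeholder netblocks (TEST-NET-2 and TEST-NET-3), constructed for this example.
# Replace with the rogue resolver ranges published by the FBI for DNSChanger.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def parse_resolvers(resolv_conf: str) -> list[str]:
    """Return the resolver addresses listed in resolv.conf-style text."""
    return NAMESERVER_RE.findall(resolv_conf)


def flag_rogue_resolvers(resolvers, rogue_ranges=ROGUE_RESOLVER_RANGES):
    """Split resolvers into those inside a rogue range and those that do not parse.

    Unparsable entries (e.g. a hostname) are reported rather than skipped so a
    help-desk check never silently passes a host it could not evaluate.
    """
    rogue, unparsed = [], []
    for entry in resolvers:
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            unparsed.append(entry)
            continue
        if any(addr in net for net in rogue_ranges):
            rogue.append(entry)
    return rogue, unparsed


# Constructed sample: one legitimate resolver, one inside a placeholder rogue range.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.test
nameserver 192.0.2.53
nameserver 203.0.113.7
"""


def check_host(resolv_conf: str = SAMPLE_RESOLV_CONF) -> dict:
    """Summarise whether a host will lose resolution when the rogue servers go dark."""
    resolvers = parse_resolvers(resolv_conf)
    rogue, unparsed = flag_rogue_resolvers(resolvers)
    return {"resolvers": resolvers, "rogue": rogue,
            "unparsed": unparsed, "at_risk": bool(rogue)}


if __name__ == "__main__":
    print(check_host())
```

On Windows the same check applies to the DNS server addresses shown by `ipconfig /all`; only the parsing step differs.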
 
If you’re reading this, you’re OK, but if your neighbour comes to your door asking who broke the Internet, now’s your chance to play knight in shining armour. And if you work on an ISP help desk… May the force be with you!

 
Image Credit: Camera Eye Photography
 


This entry was posted on Monday, 9 July 2012.

2 Comments to "D(NS) Day – Nobody home?"

Today the Americans shut down the servers infected with the DNS Changer malware | Cały czas zycie gra ja nawijam:
Tuesday, 10 July 2012 at 9:44 am

[...] countermeasures.trendmicro.eu/dns-day-nobody-home/ [...]

MondayPR • DNS Changer – the story continues:
Wednesday, 18 July 2012 at 10:17 am

[...] countermeasures.trendmicro.eu/dns-day-nobody-home/ [...]


© Copyright 2010 Trend Micro Inc. All rights reserved.