09 Jul
Article from Rik Ferguson
The DNSChanger malware modified the local DNS settings of an infected PC. This meant that criminals could assume control over the DNS resolution of the victim computer, effectively redirecting it to any destination of their choice rather than, for example, the bank or search engine the user originally intended to visit.
This ability was used primarily for click fraud by the Esthosts gang, who redirected searches and sites to generate revenue by defrauding advertisers and advertising networks.
PCs which are still infected by the malware, or whose settings have not been corrected even after the infection was cleaned up, are still querying those criminal servers. The FBI have been operating those servers since the warrant was executed, but their right to do so has now expired and the servers will be shut down. This means that any queries from those 300,000 computers will fall on deaf ears and, to all intents and purposes, the web will go dark for the affected users.
At the time when Trend Micro co-operated with the FBI in bringing the Esthosts gang to justice, we believed about 4 million PCs to be affected. This number has since dropped to about 300,000, and this should be considered a success. However, with the definitive shut-off of the criminal DNS servers today, those 300,000 people face a potential total loss of web access.
If you’re reading this, you’re ok, but if your neighbour comes to your door asking who broke the Internet, now’s your chance to play knight in shining armour. And if you work on an ISP help desk… May the force be with you!
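A check for the case described above, where a machine has been cleaned but its DNS settings still point at the rogue servers. This is an added example, not part of the original article: the ranges are RFC 5737 placeholders rather than real indicators, and the sample inputs and function names are constructed for illustration.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737), NOT real indicators; use the published rogue ranges.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/25")]

# Constructed sample inputs: a resolv.conf and a fragment of `ipconfig /all`.
SAMPLE_RESOLV_CONF = """\
search example.test
nameserver 203.0.113.17   # left behind after the malware was removed
nameserver 198.51.100.53
"""
SAMPLE_IPCONFIG = """\
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.0.2.10
                                       198.51.100.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def resolvers_from_resolv_conf(text):
    """Return the nameserver addresses from resolv.conf-style text."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [f[1] for f in rows if len(f) >= 2 and f[0] == "nameserver"]

def resolvers_from_ipconfig(text):
    """Return DNS servers from `ipconfig /all`, including continuation lines."""
    found, in_dns = [], False
    for line in text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            found.append(first.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+\s*", line):
            found.append(line.strip())  # second and later servers sit on their own lines
        else:
            in_dns = False
    return found

def rogue_resolvers(addresses, ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside a rogue range."""
    hits = []
    for raw in addresses:
        try:
            ip = ipaddress.ip_address(raw.split("%", 1)[0])  # drop any IPv6 zone id
        except ValueError:
            continue  # not an IP literal
        if any(ip.version == net.version and ip in net for net in ranges):
            hits.append(raw)
    return hits
```

Any address returned by `rogue_resolvers` means the resolver setting itself still needs correcting, regardless of whether an anti-malware scan comes back clean.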