Brad Curtis | July 05, 2012
Several news stories have emerged over the last year regarding potential loss of Internet connectivity for hundreds of thousands of computers due to malware dubbed DNS Changer. Social media has also been alight with flurries of warnings and reminders about this phenomenon.
Most victims probably do not know whether their computer is infected, and others have likely ignored the warnings. On Monday, July 9th at 12:01 AM EDT, they will find out: infected computers will lose Internet connectivity, and their owners will likely start calling their ISPs for help.
To summarize the issue without all the fluff: the FBI busted a hacking outfit that ran a command and control website. The DNS Changer malware on affected computers called out to that site, which allowed the attackers to take control of those computers. The FBI realized that, because of the DNS changes the malware made to each affected computer, the malware would only connect to the Internet via the command and control website, so as soon as the malicious sites are taken down, hundreds of thousands of victims will lose their Internet connectivity. The FBI decided to leave a temporary website available to give victims time to remediate the issue and avoid losing Internet connectivity. The FBI also worked with a third-party security vendor to create a website (link below) that describes the malware and the steps victims can take to remediate the issue.
You can visit http://www.dcwg.org/ to learn more about this malware and how you can either check whether your machine is infected using third-party tools, or follow steps to check manually yourself.
Top 5 facts about the DNS Changer Malware:
- Mostly affected home computers, but some business systems as well, including 50 of the Fortune 500 companies, which still have infected computers
- Approximately 568,000 computers were connecting to the malicious site at the time the hackers were busted
- Approximately 360,000 computers worldwide still actively connect to the site including approximately 64,000 in the U.S.
- A court ordered the FBI to leave a temporary site active to give victims time to remediate the issue
- Malware likely disabled antivirus on affected computers to evade detection
Solutionary created custom signatures to identify when clients’ computers try to reach out to hosts known to be associated with this malware. For more information about how you can protect your network, contact Solutionary today.
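The kind of check described above can be sketched as follows. This is an added example, not Solutionary's signatures or code from the original post. The watchlist uses RFC 5737 documentation ranges as placeholders (substitute the rogue resolver ranges published via dcwg.org), and the firewall log format and sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Placeholder watchlist (RFC 5737 documentation ranges, constructed for this
# example). Replace with the rogue resolver ranges published via dcwg.org.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

def is_rogue(ip):
    """True if ip falls inside any watchlisted resolver range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address in the input: skip it, do not crash
    return any(addr in net for net in ROGUE_RANGES)

def rogue_nameservers(resolv_conf_text):
    """Host check: watchlisted resolvers found in resolv.conf-style text."""
    found = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 2 and parts[0] == "nameserver" and is_rogue(parts[1]):
            found.append(parts[1])
    return found

# Hypothetical firewall log layout: "<timestamp> src=.. dst=.. proto=.. dport=.."
LOG_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+)")

def clients_using_rogue_dns(log_lines):
    """Network check: sources sending port-53 traffic to watchlisted resolvers."""
    hits = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line
        src, dst, _proto, dport = m.groups()
        if dport == "53" and is_rogue(dst):
            hits.setdefault(src, set()).add(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}

# Constructed sample inputs
SAMPLE_RESOLV = "# set by DHCP\nnameserver 192.0.2.53\nnameserver 10.0.0.1\n"
SAMPLE_LOG = [
    "2012-07-05T10:00:01 src=10.0.0.21 dst=198.51.100.7 proto=udp dport=53",
    "2012-07-05T10:00:02 src=10.0.0.22 dst=10.0.0.1 proto=udp dport=53",
    "2012-07-05T10:00:03 src=10.0.0.21 dst=198.51.100.7 proto=tcp dport=80",
    "2012-07-05T10:00:04 src=10.0.0.23 dst=192.0.2.53 proto=udp dport=53",
]

if __name__ == "__main__":
    print(rogue_nameservers(SAMPLE_RESOLV))
    print(clients_using_rogue_dns(SAMPLE_LOG))
```

Because the malware likely disabled antivirus on affected computers, the network-side check is the more dependable of the two: it does not rely on anything running on the infected host.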