Home / Resource Center / Blog / Risk of Losing Internet Connectivity Due to DNS Changer Malware on July 9th

Risk of Losing Internet Connectivity Due to DNS Changer Malware on July 9th

Brad Curtis

Brad Curtis    |    July 05, 2012

Several news stories have emerged over the last year regarding potential loss of Internet connectivity for hundreds of thousands of computers due to malware dubbed DNS Changer. Social media has also been alight with flurries of warnings and reminders about this phenomenon.

Most victims probably do not know whether their computer is infected and others likely ignored the warnings, but on Monday, July 9th at 12:01 AM EDT, they will find out if they have the malware infection as they will lose Internet connectivity and likely start calling their ISPs for help.

To summarize the issue without all the fluff, the FBI busted a hacking outfit that ran a command and control Website, which the DNS Changer Malware on affected computers called out to and allowed the malicious attackers to take control of those computers. The FBI realized the malware would only connect to the Internet via the command and control web site due to DNS changes the malware made to the affected computer, so as soon as the malicious sites are taken down, hundreds of thousands of victims will lose their Internet connectivity. The FBI decided to leave a temporary web site available to allow victims time to remediate the issue to avoid losing Internet connectivity. The FBI also worked with a third party security vendor to create a web site (link below) to tell about the Malware and steps that victims can take to remediate the issue.

You can visit http://www.dcwg.org/ to learn more about this malware and how you can either check to see if your machine is infected using third party tools, or follow steps to manually check yourself.

Top 5 facts about the DNS Changer Malware:

 

  1. Mostly affected home computers but some business systems as well, including 50 of fortune 500 companies, which still have infected computers
  2. Approximately 568,000 computers were connecting to the malicious site at the time the hackers were busted
  3. Approximately 360,000 computers worldwide still actively connect to the site including approximately 64,000 in the U.S.
  4. A court ordered the FBI to leave a temporary site active to give victims time to remediate the issue
  5. Malware likely disabled antivirus on affected computers to evade detection


Solutionary created custom signatures to identify when clients’ computers try to reach out to hosts known to be associated with this malware. For more information about how you can protect your network, contact Solutionary today.

Additional links:

Fox News

Yahoo News

MSNBC

POST A COMMENT

Name
Email
Comment
<< All Entries

Solutionary is a leading managed security service provider. The company reduces the information security and compliance burden, providing flexible security services that work the way clients want; enhancing existing initiatives, infrastructure and personnel. This blog is a place to learn about, and discuss, a wide variety of security and compliance topics.

LATEST TWEETS