About

The DNS Changer Working Group (DCWG) was created to help remediate Rove Digital’s malicious DNS servers. The DCWG helps monitor DNS servers run by ISC, under court order, in the former Rove Digital colo space.

The DCWG is an ad hoc group of subject matter experts, and includes members from organizations such as Georgia Tech, Internet Systems Consortium, Mandiant, National Cyber-Forensics and Training Alliance, Neustar, Spamhaus, Team Cymru, Trend Micro, and the University of Alabama at Birmingham.

You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release. This page is hosted at the Georgia Institute of Technology, under a research grant provided by the Office of Naval Research.

How to validate the legitimacy of the DCWG Site?

The simplest way to validate the DCWG is to go to one of the FBI articles about this activity that references the DNS Changer Working Group:

  • Operation Ghost Click – http://www.fbi.gov/news/stories/2011/november/malware_110911
  • Manhattan U.S. Attorney Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme That Infected Millions of Computers Worldwide and Manipulated Internet Advertising Business – http://www.fbi.gov/newyork/press-releases/2011/manhattan-u.s.-attorney-charges-seven-individuals-for-engineering-sophisticated-internet-fraud-scheme-that-infected-millions-of-computers-worldwide-and-manipulated-internet-advertising-business
  • FBI’s “Check to See if Your Computer is Using Rogue DNS” – https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS (uses the same “are you infected” infrastructure).

The second way to validate the DCWG is to check the large number of Internet Service Providers (ISPs) and National CSIRT Teams who are participating in the campaign to clean up the DNS Changer infection.

Organizations participating with the DNS Changer Clean up Operation

Select the hyper-linked “Maintainers” to see which National CSIRT or Security Group is supporting the “are you infected” site.

| URL | Language | Maintainer |
|---|---|---|
| www.dns-ok.us | English | DNS Changer Working Group (DCWG) |
| www.dns-ok.de | German | Bundeskriminalamt (BKA) & Bundesamt für Sicherheit in der Informationstechnik (BSI) |
| www.dns-ok.fi | Finnish, Swedish, English | CERT-FI is the Finnish national reporting point for computer security incidents and information security threats. CERT-FI is also responsible for maintaining the national information security situation awareness system. |
| www.dns-ok.ax | Swedish, Finnish, English | CERT-FI is the Finnish national reporting point for computer security incidents and information security threats. CERT-FI is also responsible for maintaining the national information security situation awareness system. |
| www.dns-ok.be | Dutch/French | CERT-BE is the primary Belgian contact point for dealing with Internet security threats and vulnerabilities affecting Belgian interests. |
| www.dns-ok.fr | French | CERT-LEXSI is the Internet monitoring and investigation division, dedicated to protecting organizations' online assets. |
| www.dns-ok.ca | English/French | Canadian Internet Registration Authority (CIRA) and Canadian Cyber Incident Response Centre (CCIRC) |
| www.dns-ok.lu | English | CIRCL (Computer Incident Response Center Luxembourg) is the national Computer Security Incident Response Team (CSIRT - CERT) coordination center for the Grand-Duchy of Luxembourg |
| www.dns-ok.nl | Dutch | SIDN (the Foundation for Internet Domain Registration in the Netherlands) |
| dns-ok.gov.au | English | CERT Australia, Stay Smart Online, and Australian Communications and Media Authority joint page on DNSChanger Information |
| dns-changer.eu | German, Spanish, English | ECO (Association of the German Internet Industry) |
| dnschanger.detect.my | Malaysian, English | Hosted by CyberSecurity Malaysia and MYCERT |
| dns-ok.jpcert.or.jp | Japanese | JPCERT/CC - Japan Computer Emergency Response Team Coordination Center |
| www.dns-ok.it | Italian | Telecom Italia Security Operation Center - IT.TS.SOC |

Internet Service Providers actively participating with DNS Changer Clean up Operation

| ISP | Page |
|---|---|
| AT&T | AT&T DNS Changer information page for Home and Business Customers and 8 Suggestions for Mitigating and Preventing DNSChanger Malware in your Enterprise - What Can Help You Avoid Being a Victim |
| Bell Canada | Important information about DNS Changer malware |
| CenturyLink | CenturyLink DNSChanger Customer Notice |
| Comcast | DNS Changer Bot FAQ |
| COX | COX DnsChanger Malware Information |
| Shaw Communications | Shaw Virus Protection |
| Telecom Italia | Assistenza Tecnica per DNS Changer Malware |
| Time Warner Cable & RoadRunner | Time Warner Cable & Roadrunner Website for DNS Changer Malware |
| Verizon | Verizon's Virus Help Website for DNS Changer Malware |

Note: If your ISP is not on the list, please ask them to contact the DCWG. We welcome participation.

 

 

Contact Information

You can contact the DCWG by sending email to webmaster@dcwg.org