If you run a network, operate a network, and/or part of the staff of a network, please read on for how you can help with the DNS Changer activities.
Whitepaper for checking and cleaning DNS Changer from your network (DNS Changer Remediation Techniques).
Subscribe to a Daily E-mail Update of DNS Changer Infections Matching your Net-Block
The following organizations will provide an daily E-mail update of all the infections seen through FBI controlled DNS servers. Each organization will validate that you are an official administrator of your Net-Block (or ASN). This information can be used to track down computer in your network that has been violated by DNS Changer.
|Organization||How to Contact|
|Shadowserver.org||Go to the ”Get Reports on Your Network” page and follow the instructions to apply for reports. These reports will cover all malware seen by Shadowserver.org|
|Arbor Networks||https://atlas.arbor.net/contact/ (Use web form)|
|Team Cymru||Please e-mail [email protected] with your organizational affiliation, ASN(s) and/or netblock(s), and request the free DNSChanger infection feed|
|Internet Identity||E-mail to [email protected] to request a feed.|
IDP/IPS Snort & Suricata Signatures
Thanks to the Emerging Threats community, we have updated and maintained signatures for DNS Changer. These signatures would be critical to an organization to spot and remediate violated machines in their network.
Please check out this updated list here (DNS Changer Signatures)
What is the “Emerging Threats community?” The community produces the fastest moving and most diverse Suricata and Snort Rulesets and firewall rules available. The community Open content is free to use by any user or organization, commercial or private. The community only ask that when you detect new threats in your environment or write new rules suitable for public release that you share that intelligence with the community at large through our mailing lists, or directly at [email protected]. The community updates these rulesets as new information surfaces (usually several times a day 7 days a week) and highly recommend you update at least twice a week to stay up to date. Daily is your best bet.