If you run a network, operate a network, and/or part of the staff of a network, please read on for how you can help with the DNS Changer activities.

Whitepaper for checking and cleaning DNS Changer from your network (DNS Changer Remediation Techniques).

Subscribe to a Daily E-mail Update of DNS Changer Infections Matching your Net-Block

The following organizations will provide an daily E-mail update of all the infections seen through FBI controlled DNS servers. Each organization will validate that you are an official administrator of your Net-Block (or ASN).  This information can be used to track down computer in your network that has been violated by DNS Changer.

Organization How to Contact
Shadowserver.org Go to the ”Get Reports on Your Network” page and follow the instructions to apply for reports. These reports will cover all malware seen by Shadowserver.org
Arbor Networks https://atlas.arbor.net/contact/ (Use web form)
Team Cymru Please e-mail outreach@cymru.com with your organizational affiliation, ASN(s) and/or netblock(s), and request the free DNSChanger infection feed
Internet Identity E-mail to dnschanger_data_request@internetidentity.com to request a feed.

 

IDP/IPS Snort & Suricata Signatures

 

Thanks to the Emerging Threats community, we have updated and maintained signatures for DNS Changer. These signatures would be critical to an organization to spot and remediate violated machines in their network.

 

Please check out this updated list here (DNS Changer Signatures)

 

What is the “Emerging Threats community?” The community produces the fastest moving and most diverse Suricata and Snort Rulesets and firewall rules available. The community Open content is free to use by any user or organization, commercial or private. The community only ask that when you detect new threats in your environment or write new rules suitable for public release that you share that intelligence with the community at large through our mailing lists, or directly at threats@emergingthreats.net. The community updates these rulesets as new information surfaces (usually several times a day 7 days a week) and highly recommend you update at least twice a week to stay up to date. Daily is your best bet.