Hilbert Map of DNS Changer Infections from Jan 2012 to March 2012

Shadowserver.org has provided a Hilbert Map (with video) of all the infections from Jan 2012 to March 2012.This is a useful tool to spot “hot spots” based on IPv4 prefix ranges. More information on Hilbert Maps can be found at: http://www.caida.org/research/traffic-analysis/arin-heatmaps/ http://www.team-cymru.org/Monitoring/Malevolence/maps.html  

Facebook Alerts Users About DNSChanger Malware

By Fahmida Y. Rashid Facebook will notify users who have DNSChanger malware on their computers of the infection and remind them that if left infected, they will lose Internet access come July 9. When a user browses to Facebook from a DNSChanger-infected computer, the social networking giant will display an alert with a link to Read More

DNSChanger ‘temporary’ DNS servers go dark soon: is your computer really fixed?

by Cameron Camp Security Researcher DNSChanger, a piece of malware that re-routed vast swaths of Internet traffic through rogue DNS servers after users became infected, was shut down by the FBI late last year. But simply shutting down the servers altogether would have ‘broken’ many hundreds of thousands of computers still infected–rendering it difficult for Read More

TechMan: Where do I report?

    May 6, 2012 12:03 am By Ced Kurtz / Pittsburgh Post-Gazette When the FBI asks for help, TechMan always tries to oblige. There was that small matter with Patty Hearst a few years ago. And to go even further back, there was the night J. Edgar called and asked if I knew which movie John Read More

DNSChanger – Cleaning Up 4 Million Infected Hosts

By Kurt Baumgartner The FBI’s “Operation Ghost Click” announcement in Nov 2011, involving the Rove Digital botnet delayed cleanup efforts that we previously discussed, continues to haunt both the internet networks and the mass media. A Forbes article and a Times article yesterday brought the apparition back to the front, with some claiming that the site offered by Read More

CIRA Develops Online DNSChanger Malware Checker

2012-04-21 The Canadian Internet Registration Authority (CIRA), in collaboration with Public Safety Canada and the Canadian Radio-television Telecommunications Commission (CRTC), has developed an online DNS Checker to screen users’ computers for the DNSChanger malware. CIRA says the free online tool lets Canadian Internet users to detect if their computer is affected by the DNSChanger malware. Read More

IDP/IPS “Snort” Signatures for DNS Changer

Thanks to the Emerging Threats community, we have updated and maintained signatures for DNS Changer. These signatures would be critical to an organization to spot and remediate violated machines in their network. Please check out this updated list here (DNS Changer Signatures) What is the “Emerging Threats community?” The community produces the fastest moving and Read More