Protecting the “Home” Router

Protecting the “home” router is essential to the security of the Internet. We now have wave after wave of attacks that penetrate, abuse, and break into home routers that connect individuals, families, and small businesses. The DNS Changer Working Group (DCWG) was created to help remediate Rove Digital’s malicious DNS servers. DCWG highlighted the value threat actors can obtain by taking over the home router, CPE, and network devices. The DCWG site is now focused on communicating Best Common Practices (BCPs), checklists, guides, and news to help secure these devices. The content is aimed at all people, families, small businesses, ISPs, and broadband companies.


About the Original DNS Changer Working Group (DCWG)

The DNS Changer Working Group (DCWG) was created to help remediate Rove Digital’s malicious DNS servers. The DCWG helps monitor DNS servers run by ISC, under court order, in the former Rove Digital colo space.

The DCWG is an ad hoc group of subject matter experts and includes members from organizations such as Georgia Tech, Internet Systems Consortium, Mandiant, National Cyber-Forensics and Training Alliance, Neustar, Spamhaus, Team Cymru, Trend Micro, and the University of Alabama at Birmingham.

You can read more about the Rove Digital arrests in the FBI Press Release and in Operation Ghost Click – International Cyber Ring That Infected Millions of Computers Dismantled. This page is hosted at the Georgia Institute of Technology, under a research grant provided by the Office of Naval Research.

How to validate the legitimacy of the DCWG Site?

Many of these original DCWG sites are now deprecated or removed. This list is maintained to provide a historical reference. The simplest way to validate the DCWG is to go to one of the FBI articles about this activity that references the DNS Changer Working Group:

  • Operation Ghost Click – http://www.fbi.gov/news/stories/2011/november/malware_110911
  • Manhattan U.S. Attorney Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme That Infected Millions of Computers Worldwide and Manipulated Internet Advertising Business – http://www.fbi.gov/newyork/press-releases/2011/manhattan-u.s.-attorney-charges-seven-individuals-for-engineering-sophisticated-internet-fraud-scheme-that-infected-millions-of-computers-worldwide-and-manipulated-internet-advertising-business

  • FBI’s “Check to See if Your Computer is Using Rogue DNS” – https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS (uses the same “are you infected” infrastructure).

The second way to validate the DCWG is to check the large number of Internet Service Providers (ISPs) and National CSIRT Teams that are participating in the campaign to clean up the DNS Changer infection.

Organizations participating with the DNS Changer Clean up Operation

Select the hyperlinked “Maintainers” to see which National CSIRT or Security Group is supporting the “are you infected” site.



Internet Service Providers actively participating with DNS Changer Clean up Operation


Note: If your ISP is not on the list, please ask them to contact the DCWG. We welcome participation.



Contact Information

You can contact the DCWG by sending email to webmaster@dcwg.org
