DNSChanger – Cleaning Up 4 Million Infected Hosts

By Kurt Baumgartner The FBI’s “Operation Ghost Click” announcement in Nov 2011, involving the Rove Digital botnet delayed cleanup efforts that we previously discussed, continues to haunt both the internet networks and the mass media. A Forbes article and a Times article yesterday brought the apparition back to the front, with some claiming that the site offered by Read More

CIRA Develops Online DNSChanger Malware Checker

2012-04-21 The Canadian Internet Registration Authority (CIRA), in collaboration with Public Safety Canada and the Canadian Radio-television Telecommunications Commission (CRTC), has developed an online DNS Checker to screen users’ computers for the DNSChanger malware. CIRA says the free online tool lets Canadian Internet users to detect if their computer is affected by the DNSChanger malware. Read More

IDP/IPS “Snort” Signatures for DNS Changer

Thanks to the Emerging Threats community, we have updated and maintained signatures for DNS Changer. These signatures would be critical to an organization to spot and remediate violated machines in their network. Please check out this updated list here (DNS Changer Signatures) What is the “Emerging Threats community?” The community produces the fastest moving and Read More

8 Suggestions for Mitigating and Preventing DNSChanger Malware in your Enterprise – What Can Help You Avoid Being a Victim

8 Suggestions for Mitigating and Preventing DNSChanger Malware in your Enterprise What Can Help You Avoid Being a Victim March 28th, 2012 by Brian Rexroad   This is a follow-up to a previous blog that was titled “Stopping DNS Changer Malware on the Internet.”  I have been receiving some questions from enterprise customers about this Read More

DNS Changer: Countdown clock reset, but still ticking

By Gary Warner Last November, the main FBI.gov website headline was “DNS Malware: Is Your Computer Infected?”. The story detailed the arrest of six Estonian criminals who had infected more than 4 million computers with malware that changed Domain Name Server settings on the impacted computers. The impact of this change was that when a Read More

Consumer alert: Is your computer infected with DNSChanger?

{From Australia}       DNSChanger is malicious software (malware) that may have been installed on your computer without your knowledge. Approximately 10,000 Australian internet users are currently infected with this malware. If your computer is infected you need to remove it. If you don’t remove it by 9 July 2012, you won’t be able Read More

DNS Changer

Takedown One fine night in November 2011 I got an opportunity to get my hands dirty, working on a project for the United States Federal Bureau of Investigation (FBI). They were planning to seize a bunch of computing assets in New York City that were being used as part of a criminal empire that we Read More

The DNS Changer Clean DNS Servers Will Be Turned Off On July 9, 2012

In order to assist victims affected by the DNSChanger malicious software the FBI obtained a court order authorizing Internet Systems Consortium (ISC) to deploy and maintain temporary Clean DNS servers. The solution is temporary and intended to buy time so that victims can clean affected computers and restore their normal DNS settings. For more information Read More