If you run a network, operate a network, and/or part of the staff of a network, please read on for how you can help with the DNS Changer activities.

Whitepaper for checking and cleaning DNS Changer from your network (DNS Changer Remediation Techniques).

Subscribe to a Daily E-mail Update of DNS Changer Infections Matching your Net-Block

The following organizations will provide an daily E-mail update of all the infections seen through FBI controlled DNS servers. Each organization will validate that you are an official administrator of your Net-Block (or ASN).  This information can be used to track down computer in your network that has been violated by DNS Changer.

[ahm-wp-tabular id=744 template=bluedream]


IDP/IPS Snort & Suricata Signatures


Thanks to the Emerging Threats community, we have updated and maintained signatures for DNS Changer. These signatures would be critical to an organization to spot and remediate violated machines in their network.


Please check out this updated list here (DNS Changer Signatures)


What is the “Emerging Threats community?” The community produces the fastest moving and most diverse Suricata and Snort Rulesets and firewall rules available. The community Open content is free to use by any user or organization, commercial or private. The community only ask that when you detect new threats in your environment or write new rules suitable for public release that you share that intelligence with the community at large through our mailing lists, or directly at The community updates these rulesets as new information surfaces (usually several times a day 7 days a week) and highly recommend you update at least twice a week to stay up to date. Daily is your best bet.



Leave a Reply