DCWG Ends Clean DNS Function

On 12:01 Eastern Time on Monday July 9th 2012, the DCWG stop responding to DNS queries from infected machines. This is in compliance with the US Justice Department Court Order authorizing the clean DNS servers. At 12:23 Eastern Time on Monday July 9th 2012, the server started to reply to all DNS request with an Read More

Last Day of DCWG Data

July 8th 2012 is the last day we collect DNS data on the DNS Changer Victims. The total “unique IPs” and last day of infections per DNS Top Level Domain Country Code (TLD CC) are linked below. Now that this phase of the remediation exercise is over, researchers will collect all the data and compare Read More

Updated DNS Changer Infection Data

Lots of people have been asking for updated data. Thanks to one of our volunteers, we have the latest dump:   Daily Unique IPs connecting to the clean DNS servers up to June 27th 2012 – dcwg-unique-ips-up-to-June-27 Daily Unique IPs in July 2012 – dcwg-unique-ips-July-2012 Current List of Infections by Top Level Domain Country Code Read More

DNS Changer – Top 25 ASNs

Top 25 ASNs seen on Monday, June 11th who have DNS Changer infections communicating with the DCWG Clean DNS servers. +——-+————+ | asn   | unique_ips | +——-+————+ | 9829  |      15568 | | 3269  |      13406 | | 7922  |      11964 | | 3320  |       9250 | | 7132  |       6743 | | 3215  |       Read More

Top DNS Changer Infections by Country

Here is our latest country based on Country codes for Monday, June 11th:   +—-+————+ | cc | unique_ips | +—-+————+ | US |      69517 | | IT |      26494 | | IN |      21302 | | GB |      19589 | | DE |      18427 | | FR |      10454 | | CN |      10304 Read More

Hilbert Map of DNS Changer Infections from Jan 2012 to March 2012

Shadowserver.org has provided a Hilbert Map (with video) of all the infections from Jan 2012 to March 2012.This is a useful tool to spot “hot spots” based on IPv4 prefix ranges. More information on Hilbert Maps can be found at: http://www.caida.org/research/traffic-analysis/arin-heatmaps/ http://www.team-cymru.org/Monitoring/Malevolence/maps.html  

Facebook Alerts Users About DNSChanger Malware

By Fahmida Y. Rashid Facebook will notify users who have DNSChanger malware on their computers of the infection and remind them that if left infected, they will lose Internet access come July 9. When a user browses to Facebook from a DNSChanger-infected computer, the social networking giant will display an alert with a link to Read More