On 12:01 Eastern Time on Monday July 9th 2012, the DCWG stop responding to DNS queries from infected machines. This is in compliance with the US Justice Department Court Order authorizing the clean DNS servers. At 12:23 Eastern Time on Monday July 9th 2012, the server started to reply to all DNS request with an Read More
July 8th 2012 is the last day we collect DNS data on the DNS Changer Victims. The total “unique IPs” and last day of infections per DNS Top Level Domain Country Code (TLD CC) are linked below. Now that this phase of the remediation exercise is over, researchers will collect all the data and compare Read More
Lots of people have been asking for updated data. Thanks to one of our volunteers, we have the latest dump: Daily Unique IPs connecting to the clean DNS servers up to June 27th 2012 – dcwg-unique-ips-up-to-June-27 Daily Unique IPs in July 2012 – dcwg-unique-ips-July-2012 Current List of Infections by Top Level Domain Country Code Read More
Top 25 ASNs seen on Monday, June 11th who have DNS Changer infections communicating with the DCWG Clean DNS servers. +——-+————+ | asn | unique_ips | +——-+————+ | 9829 | 15568 | | 3269 | 13406 | | 7922 | 11964 | | 3320 | 9250 | | 7132 | 6743 | | 3215 | Read More
Here is our latest country based on Country codes for Monday, June 11th: +—-+————+ | cc | unique_ips | +—-+————+ | US | 69517 | | IT | 26494 | | IN | 21302 | | GB | 19589 | | DE | 18427 | | FR | 10454 | | CN | 10304 Read More
The following is our latest figures on the number of unique IP addresses communicating with the DNS Changer “Clean Servers.” +————+————+ | date | unique_ips | +————+————+ | 2011-11-08 | 551436 | | 2011-11-09 | 567957 | | 2011-11-10 | 672972 | | 2011-11-11 | 661664 | | 2011-11-12 | 617054 | | 2011-11-13 | Read More
Yet another Shadowserver.org illustration to explore the geographic view of DNS Changer infections from Jan 2012 to Mar 2012.
Shadowserver has pulled together a word map based on country to illustrate which countries had more infections. The size of the word relates to the number of infections.
Shadowserver.org has provided a Hilbert Map (with video) of all the infections from Jan 2012 to March 2012.This is a useful tool to spot “hot spots” based on IPv4 prefix ranges. More information on Hilbert Maps can be found at: http://www.caida.org/research/traffic-analysis/arin-heatmaps/ http://www.team-cymru.org/Monitoring/Malevolence/maps.html
By Fahmida Y. Rashid Facebook will notify users who have DNSChanger malware on their computers of the infection and remind them that if left infected, they will lose Internet access come July 9. When a user browses to Facebook from a DNSChanger-infected computer, the social networking giant will display an alert with a link to Read More