DNSChanger has infected half of Fortune 500 firms

Machines will be cut off from the web next month, say experts

Half of all Fortune 500 companies and major US government agencies own computers infected with the "DNSChanger" malware that redirects users to fake websites and puts organisations at risk of information theft, a security company warned yesterday.

DNSChanger, which at its peak was installed on more than four million Windows PCs and Macs worldwide - a quarter of them in the US alone - was the target of a major takedown organised by the US Department of Justice last November.

The takedown and accompanying arrests of six Estonian men, dubbed "Operation Ghost Click," was the culmination of a two-year investigation, although some security researchers have been tracking the botnet since 2006. As part of the operation, the FBI seized control of more than 100 command-and-control (C&C) servers hosted at US data centres.

According to Tacoma, Washington-based Internet Identity (IID), which provides security services to enterprises, half of the firms in the Fortune 500, and a similar percentage of major US government agencies, harbour one or more computers infected with DNSChanger.

IID used telemetry from its monitoring of client networks, as well as third-party data, to claim that at least 250 of the Fortune 500 companies and 27 out of 55 major government agencies had at least one computer or router infected with DNSChanger as of early this year.

The still-infected machines pose several problems, said experts.

"Initially, DNSChanger was worrisome because it could redirect you from a safe location to a dangerous one controlled by criminals," said Rod Rasmussen, the chief technology officer of IID. "However, the FBI temporarily fixed that. Now, the big worry is that machines that are still infected face a second vulnerability - they are left with little if any security."

That's because DNSChanger also blocks software updates - the patches vendors like Microsoft issue to fix flaws - and disables installed security software.

Others, however, have pointed out that computers still infected with DNSChanger have only weeks before they will be crippled.

As part of Operation Ghost Click, a federal judge approved a plan where clean DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open source software. Without that move, infected systems would have been immediately cut off from the internet when the FBI seized the criminals' domain servers.

But the ISC was authorised to maintain the alternate DNS servers only for 120 days, or until early next month.

"The ISC will shut down the DNS servers in March and anybody who is still using those servers will then lose access to the Internet," said Wolfgang Kandek, chief technology officer of Qualys.

Qualys has added DNSChanger detection to its free BrowserCheck tool that runs on Windows PCs, while the umbrella organization DNSChanger Working Group - of which IID is a member - has created a website that steps users through the process of detecting infected PCs and Macs.



Nick said: Having these idiots lose internet connection is a good thing. They're part of the problem. Allowing them on the internet is just like allowing petri dishes to continuously foster dangerous germs.
