DNSChanger Trojan Still in Play

Thursday, July 5, 2012 @ 11:07 AM gHale


Starting next week, hundreds of thousands of computer users are going to learn the hard way that failing to keep a clean machine comes with consequences.

That is because on July 9, any systems still infected with the DNSChanger Trojan will lose their connection to the Internet. The latest reports indicate this malware is still on systems at 12 percent of Fortune 500 companies, and roughly four percent of U.S. federal agencies.

In an effort to help users clean infections, security experts won court approval last year to seize control of the infrastructure that powered the search-hijacking Trojan. But a court-imposed deadline to power down that infrastructure will sever Internet access for PCs that have not removed the malware before July 9.

Twelve percent of all Fortune 500 companies and four percent of “major” U.S. federal agencies are still infected, according to Internet Identity. The latest figures from the DNSChanger Working Group (DCWG), an industry consortium working to eradicate the malware, show more than 300,000 systems still suffer from the infection.

That number is likely conservative: The DCWG measures infections by Internet protocol (IP) addresses, not unique systems. Because quite a few systems are on the same local network and often share the same IP address, the actual number of DNSChanger-infected machines is probably higher than 300,000.

Google thinks the number is 30 percent higher. On May 22, Google said it would begin warning users if their computers show signs of a DNSChanger infection. The company estimated at the time that more than 500,000 systems remained infected with the malware. On that date, the DCWG was tracking infections tracing back to 333,908 IP addresses.

To find out if a system on your network is infected, visit the DNSChanger Check-Up page. Other resources for cleaning up DNSChanger infections are here.

DNSChanger may no longer be hijacking search results, but the malware still carries secondary threats and risks. It was frequently bundled with other nasty software, and consequently machines sickened with DNSChanger also probably host other malware infestations. Additionally, DNSChanger disables antivirus protection on host machines, further exposing them to online threats.

DNSChanger modifies settings on a host PC that tell the computer how to find Web sites on the Internet, hijacking victims’ search results and preventing them from visiting security sites that might help detect and scrub the infections.


