FBI Relaunches DNSChanger Efforts

Tuesday, May 1, 2012 @ 09:05 AM gHale

The FBI and a working group of security experts relaunched their campaign to rid computers of the DNSChanger malware that still threatens to cut hundreds of thousands of users off from the Internet in July.

The ad hoc DNSChanger Working Group has a new website that links to instructions on how users and organizations can find and remove DNSChanger from their machines, along with updates on the effort.

DNSChanger had infected as many as 4 million computers around the world as part of an Estonia-based clickjacking scheme the FBI busted in November 2011. The malware redirected infected computers to the ring’s servers, which then sent them to bogus sites, while also disabling anti-virus software.

After the FBI broke up the ring and arrested six of its principals, it received a court order to allow the Internet Systems Consortium to run temporary replacement DNS servers in place of the ring’s servers. Otherwise, infected computers would have had their DNS requests sent to servers that had been taken offline, effectively cutting them off from the Internet.

The original court order was to expire in March, but the FBI obtained an extension until July 9 to allow more time to clean infected machines.

Progress continues in ridding machines of the malware, and federal agencies have largely cleaned out infections, but an estimated 350,000 could still be at risk. The new campaign should raise awareness about the threat, so users and organizations check for the malware and remediate the problem if it’s there.
