Half of Fortune 500 firms infected with DNS Changer
Machines will be cut off from the Web next month, say experts
Computerworld - Half of all Fortune 500 companies and major U.S. government agencies own computers infected with the "DNS Changer" malware that redirects users to fake websites and puts organizations at risk of information theft, a security company said today.
DNS Changer, which at its peak was installed on more than four million Windows PCs and Macs worldwide -- a quarter of them in the U.S. alone -- was the target of a major takedown organized by the U.S. Department of Justice last November.
The takedown and accompanying arrests of six Estonian men, dubbed "Operation Ghost Click," was the culmination of a two-year investigation, although some security researchers have been tracking the botnet since 2006. As part of the operation, the FBI seized control of more than 100 command-and-control (C&C) servers hosted at U.S. data centers.
According to Tacoma, Wash.-based Internet Identity (IID), which provides security services to enterprises, half of the firms in the Fortune 500, and a similar percentage of major U.S. government agencies, harbor one or more computers infected with DNS Changer.
IID used telemetry from its monitoring of client networks, as well as third-party data, to claim that at least 250 of the Fortune 500 companies and 27 out of 55 major government agencies had at least one computer or router infected with DNS Changer as of early this year.
The still-infected machines pose several problems, said experts.
"Initially, DNS Changer was worrisome because it could redirect you from a safe location to a dangerous one controlled by criminals," said Rod Rasmussen, the chief technology officer of IID in an emailed statement. "However, the FBI temporarily fixed that. Now, the big worry is that machines that are still infected face a second vulnerability -- they are left with little if any security."
That's because DNS Changer also blocks software updates -- the patches vendors like Microsoft issue to fix flaws -- and disables installed security software.
Others, however, have pointed out that computers still infected with DNS Changer have only weeks before they will be crippled.
As part of Operation Ghost Click, a federal judge approved a plan where clean DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software. Without that move, infected systems would have been immediately cut off from the Internet when the FBI seized the criminals' domain servers.
But the ISC was authorized to maintain the alternate DNS servers only for 120 days, or until early next month.
"[The ISC] will shut down the [DNS] servers in March and anybody who is still using those servers will then lose access to the Internet," said Wolfgang Kandek, chief technology officer of Qualys, in a Thursday post to that company's security blog.
Qualys has added DNS Changer detection to its free BrowserCheck tool that runs on Windows PCs, while the umbrella organization DNS Changer Working Group -- of which IID is a member -- has created a website that steps users through the process of detecting and infected PCs and Macs.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!