Judge extends DNS Changer deadline as malware cleanup progresses
Percentage of infected Fortune 500 firms and major government agencies down dramatically since early 2012
Computerworld - A federal judge yesterday extended an operation that will keep hundreds of thousands of users infected with the "DNS Changer" malware connected to the Internet until they can scrub their machines.
Meanwhile, Tacoma, Wash.-based Internet Identity (IID), which has been monitoring the cleanup efforts, said today that it had seen a "dramatic" decrease in the number of computers infected with DNS Changer.
DNS Changer, which at its peak infected more than four million Windows PCs and Macs worldwide, was the target of a major takedown led by the U.S. Department of Justice last November.
The malware hijacked users' clicks by modifying their computers' domain name system (DNS) settings to send URL requests to the criminals' own servers, a tactic that shunted victims to hacker-created sites that resembled the real domains.
As part of the "Operation Ghost Click" takedown and accompanying arrests of six Estonian men, the FBI seized more than 100 command-and-control (C&C) servers hosted at U.S. data centers. To replace those servers, a federal judge approved a plan where substitute DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software.
Without the server substitutions, DNS Changer-infected systems would have been immediately severed from the Internet.
Yesterday, U.S. District Court Judge Denis Cote extended the deadline for shutting down the replacement servers by four months, from March 8 -- this Thursday -- to July 9, 2012.
Two weeks ago, authorities argued that victims needed more time to wipe DNS Changer from computers before their connections were cut off.
Although cleanup efforts have made headway, the extension was the right move, said Rod Rasmussen, president and CTO at IID.
"There has been significant progress within the gov[ernment] and enterprise, where it's easier to clean things up, but ISPs have been slower, in part because some of them are still trying to figure out how best to handle the situation," said Rasmussen.
"[DNS Changer] has morphed several times, so there's not one signature that we can use," Rasmussen noted. "And it's very complex and hard to eliminate. You really need a pro to get in there to root it out. That's not what ISPs typically do."
IID's data backs up Rasmussen's assertion that DNS Changer cleanup has made progress: A check by the company on Feb. 23 found 94 of Fortune 500 companies still infected, and three out of 55 major government agencies.
Those numbers -- representing 19% of Fortune 500 companies and 5% of the agencies -- were significantly down from the 50% of each IID said harbored at least one infected computer or network router around the beginning of the year.
- The Pivotal Big Data Suite- Reducing the Risks of Big Data The explosion of big data and the rapid evolution of big data tools and technologies is challenging IT to meet the demands of...
- A Survival Guide for Data in the Wild All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices...
- Transforming Security: Designing a State-of-the-Art Extended Team The information security mission is no longer about implementing and operating controls.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!