Judge extends DNS Changer deadline as malware cleanup progresses
Percentage of infected Fortune 500 firms and major government agencies down dramatically since early 2012
Computerworld - A federal judge yesterday extended an operation that will keep hundreds of thousands of users infected with the "DNS Changer" malware connected to the Internet until they can scrub their machines.
Meanwhile, Tacoma, Wash.-based Internet Identity (IID), which has been monitoring the cleanup efforts, said today that it had seen a "dramatic" decrease in the number of computers infected with DNS Changer.
DNS Changer, which at its peak infected more than four million Windows PCs and Macs worldwide, was the target of a major takedown led by the U.S. Department of Justice last November.
The malware hijacked users' clicks by modifying their computers' domain name system (DNS) settings to send URL requests to the criminals' own servers, a tactic that shunted victims to hacker-created sites that resembled the real domains.
As part of the "Operation Ghost Click" takedown and accompanying arrests of six Estonian men, the FBI seized more than 100 command-and-control (C&C) servers hosted at U.S. data centers. To replace those servers, a federal judge approved a plan where substitute DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software.
Without the server substitutions, DNS Changer-infected systems would have been immediately severed from the Internet.
Yesterday, U.S. District Court Judge Denis Cote extended the deadline for shutting down the replacement servers by four months, from March 8 -- this Thursday -- to July 9, 2012.
Two weeks ago, authorities argued that victims needed more time to wipe DNS Changer from computers before their connections were cut off.
Although cleanup efforts have made headway, the extension was the right move, said Rod Rasmussen, president and CTO at IID.
"There has been significant progress within the gov[ernment] and enterprise, where it's easier to clean things up, but ISPs have been slower, in part because some of them are still trying to figure out how best to handle the situation," said Rasmussen.
"[DNS Changer] has morphed several times, so there's not one signature that we can use," Rasmussen noted. "And it's very complex and hard to eliminate. You really need a pro to get in there to root it out. That's not what ISPs typically do."
IID's data backs up Rasmussen's assertion that DNS Changer cleanup has made progress: A check by the company on Feb. 23 found 94 of Fortune 500 companies still infected, and three out of 55 major government agencies.
Those numbers -- representing 19% of Fortune 500 companies and 5% of the agencies -- were significantly down from the 50% of each IID said harbored at least one infected computer or network router around the beginning of the year.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts