Facebook joins Google, ISPs in notifying DNSChanger victims
Facebook alerts owners of DNSChanger-infected computers that they need to take action before July 9
IDG News Service - Facebook has started notifying victims of the DNSChanger malware who visit the social networking site that their computers will be cut off from the Internet on July 9, if they don't clean them until that time.
Facebook's DNSChanger alerts will include a link the DNSChanger Working Group's website, which contains more information about the malware and instructions on how to remove it.
"Earlier this year, Facebook joined the clean up effort by participating in [http://www.dcwg.org DNSChanger Working Group], which is comprised of computer security experts from the public, private, and academic sectors," the Facebook security team said in a blog post on Monday. "As a result of our work with the group, Facebook is now able to notify users likely infected with DNSChanger malware and direct them to instructions on how to clean their computer or networks."
DNSChanger is a family of Trojan programs that hijack Web search queries, display malicious advertisements and redirect users to fake websites. They do this by forcing infected computers to use DNS servers controlled by attackers.
DNS servers play a very important role on the Internet -- they translate domain names into numerical Internet Protocol (IP) addresses that computers use to communicate with each other. By default, most computers use DNS servers operated by their respective Internet service providers (ISPs) -- entities that are implicitly trusted with routing their connections.
The FBI shut down the DNSChanger operation in November 2011 following a two-year investigation and temporary replaced the rogue DNS servers with legitimate ones. The replacement servers are operated by a non-profit organization called the Internet Systems Consortium, which also operates one of the Internet's thirteen authoritative DNS root servers.
A judge initially signed off on this arrangement until March 8 in order to give ISPs sufficient time to identify and notify victims. However, the deadline was later extended by four months.
The replacement servers are now scheduled to be taken offline on July 9, after which time computers still infected with the DNSChanger malware will no longer be able to access the Internet.
The DNSChanger Working Group estimates that there are over 350,000 devices still infected with DNSChanger, out of the 4 million that were originally affected by the malware.
Facebook's decision to notify the owners of the remaining infected computers follows a similar decision by Google, which started alerting DNSChanger victims through its search pages on May 22.
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- HTTP Status Code Cheat Sheet Look at the Graph, Find the Code and Boom - You're Solving Problems. Identifying and understanding common HTTP status codes can go a...
- Architects lead the next generation of data-driven applications Read this whitepaper to find out how application architects can quickly and confidently deliver long-lasting applications that minimize cost, complexity, and risk while...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Desktop Apps White Papers | Webcasts