Internet will vanish Monday for 300,000 infected computers
Users must wipe DNSChanger malware from PCs and Macs before 12:01 a.m. ET July 9
Computerworld - As many as 300,000 PCs and Macs will drop off the Internet in about 65 hours unless their owners heed last-minute calls to scrub their machines of malware.
According to a group of security experts formed to combat DNSChanger, between a quarter of a million and 300,000 computers, perhaps many more, were still infected as of July 2.
DNSChanger hijacked users' clicks by modifying their computers' domain name system (DNS) settings to send URL requests to the criminals' own servers, a tactic that shunted victims to hacker-created sites that resembled real domains.
At one point, as many as 4 million PCs and Macs were infected with the malware, which earned its makers $14 million, U.S. federal authorities have said.
Infected machines will lose their link to the Internet at 12:01 a.m. ET Monday, July 9, when replacement DNS servers go dark.
The servers, which have been maintained under a federal court order by Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software, were deployed last year after the Federal Bureau of Investigation (FBI) seized more than 100 command-and-control (C&C) systems during the take-down of the hacker gang responsible for DNSChanger.
The FBI's "Operation Ghost Click" ended with arrests of six Estonian men -- a seventh, a Russian, remains at large -- the C&C seizures, and the substitution of the replacement servers. Without the substitutes, DNSChanger-infected systems would have been immediately knocked off the Internet.
Originally, the stand-in servers were to be turned off March 8, but a federal judge extended the deadline to July 9.
It's not just consumer PCs and Macs -- DNSChanger was equal-opportunity malware -- that remain infected, but also corporate computers and systems at government agencies, said Tacoma, Wash.-based Internet Identity (IID), which has been monitoring cleanup efforts.
Last week, IID said that its scans showed 12% of Fortune 500 firms, or about one out of every eight, harbored DNSChanger-compromised computers or routers. And two out of 55 scanned U.S. government departments or agencies -- or 3.6% -- also had failed to scrub all their PCs and Macs.
The newest numbers were down from earlier scans by IID. In March, for example, the company pegged the Fortune 500 DNSChanger infection rate at 19% and the government agency rate at 9%.
In January, both groups' rate was an amazing 50%.
But there are still tens of thousands of laggards who have not cleaned their computers, even after a months-long effort by the DNSChanger Working Group (DCWG), a volunteer organization of security professionals and companies.
"We're all struggling with this," said Rod Rasmussen, chief technology officer of IID and a member of the DCWG. "There are a lot of people who just haven't gotten the word."
The cleanup, Rasmussen said, has been the tough part of the DNSChanger takedown.
"There was a lot of planning done for the initial takedown, the arrests, the swapping of servers, but there wasn't as much for after the take-down," said Rasmussen. "How do we clean things up? Victim remediation is a challenge for our industry. Everyone wants to do it, but how do you pay for it?"
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts