Federal authorities have applied for permission to extend the operation of a safety net that allows machines infected by the DNSChanger Trojan to surf the net as normal beyond an 8 March deadline.
DNSChanger changed an infected system's domain name system (DNS) settings to point towards rogue servers that hijacked web searches and pointed surfers towards various sleazy websites, as part of a long-running click-fraud and scareware-punting scam. The FBI stepped in and dismantled the botnet's command-and-control infrastructure back in November, as part of Operation Ghost Click. As many as 4 million machines were infected at the peak of the botnet's activity.
Rogue DNS servers were replaced by legitimate machines at the time of the takedown operation, but nothing was done to disinfect infected PCs, a particular concern since the DNSChanger malware is designed to disable security software, leaving infected machines at heightened risk of further infection.
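Because the malware's footprint is a change to the resolver settings rather than a visible process, the simplest way for an administrator to spot an infected machine is to compare the configured nameservers against the rogue address ranges. The following Python check is an added example, not part of the original article or of the DNS Changer Working Group's own tooling; it parses a resolv.conf-style configuration and flags any resolver that falls inside a supplied list of CIDR ranges. The ranges and the sample configuration embedded below are constructed placeholders (documentation-only TEST-NET addresses), not the real DNSChanger ranges, which are published by the working group and would be substituted in at `PLACEHOLDER_ROGUE_RANGES`.

```python
import ipaddress

# Constructed placeholder ranges for illustration only. The real DNSChanger
# rogue resolver ranges are published by the DNS Changer Working Group and are
# deliberately not reproduced here; replace these entries with that list.
PLACEHOLDER_ROGUE_RANGES = [
    "192.0.2.0/24",     # TEST-NET-1, standing in for a rogue range
    "198.51.100.0/24",  # TEST-NET-2, standing in for a rogue range
]


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def build_networks(cidrs):
    """Turn CIDR strings into ip_network objects (v4 or v6)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def flag_rogue_resolvers(servers, rogue_cidrs):
    """Return the subset of servers that fall inside any rogue range.

    Malformed entries are skipped rather than raising, so a single bad line
    in a configuration file does not abort the whole check.
    """
    nets = build_networks(rogue_cidrs)
    flagged = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue
        if any(addr in net for net in nets):
            flagged.append(server)
    return flagged


def check_resolv_conf(text, rogue_cidrs=PLACEHOLDER_ROGUE_RANGES):
    """Parse a resolv.conf body and return the resolvers that look hijacked."""
    return flag_rogue_resolvers(parse_resolv_conf(text), rogue_cidrs)


# Constructed sample configuration: one resolver inside a placeholder rogue
# range, one legitimate internal resolver.
SAMPLE_RESOLV_CONF = """\
# constructed sample resolv.conf
nameserver 192.0.2.53
nameserver 10.0.0.1   # corporate resolver
"""

if __name__ == "__main__":
    hits = check_resolv_conf(SAMPLE_RESOLV_CONF)
    print("rogue resolvers:", hits or "none")
```

On a live host the same function can be fed the contents of `/etc/resolv.conf`, or the output of a router's DNS configuration page, since the malware also rewrote the settings of small office routers. A hit means the machine has been depending on the substitute servers and needs its DNS settings restored as well as the malware removed.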
Barring court permission, legitimate servers that were set up to replace rogue DNS servers will be taken offline on 8 March, 120 days after the initial takedown operation. The feds have applied (PDF) to extend this safety net until 9 July.
A study by security firm Internet Identity revealed that at least 250 of all Fortune 500 companies and 27 out of 55 major government entities had at least one computer or router that was infected with DNSChanger in early 2012, findings that suggest the post-Ghost Click clean-up operation is running behind schedule. Barring an extension in the operation of the substitute DNS servers these infected machines rely upon, surfers will be unable to browse the web or send emails as normal after 8 March, unless the DNS settings of compromised computers are restored to their original state.
More advice on how to clean up infected machines, and other resources, can be found on the DNS Changer Working Group website here.
Operation Ghost Click led to the arrest of six Estonian nationals, accused of manipulating millions of infected computers using DNSChanger. The alleged ringleader of the group, Vladimir Tsastsin, and another suspect have already been cleared for extradition to the US. Baltic Business News reports that local courts approved the extradition of the four remaining suspects last week. These extraditions remain subject to government approval, but this is all but assured, the local news website reports.
Tsastsin previously ran controversial domain registration firm EstDomains, whose accreditation was pulled by ICANN back in 2008 over concerns that EstDomains had become a haven for cybercriminals.
KrebsOnSecurity has a copy of the indictment against Tsastsin and other suspects in the Ghost Click case here (PDF).