How To Avoid Internet DNS Malware

by Director of Intergalactic Communications and Marketing on April 25, 2012

The FBI announced in November that six Estonian nationals were arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry.

Users of infected machines are unaware that their computers have been impacted, or that the malware makes their computers vulnerable to many other viruses.

Officials also described their efforts to make sure infected users’ Internet access would not be disrupted as a result of the operation.

FBI Statement: Janice Fedarcyk, Assistant Director in Charge, New York

“Today, with the flip of a switch, the FBI and our partners dismantled the Rove criminal enterprise. Thanks to the collective effort across the U.S. and in Estonia, six leaders of the criminal enterprise have been arrested and numerous servers operated by the criminal organization have been disabled. Additionally, thanks to a coordinated effort of trusted industry partners, a mitigation plan commenced today, beginning with the replacement of rogue DNS servers with clean DNS servers to keep millions online, while providing ISPs the opportunity to coordinate user remediation efforts.”

The indictment, said Janice Fedarcyk, assistant director in charge of our New York office, “describes an intricate international conspiracy conceived and carried out by sophisticated criminals.” She added, “The harm inflicted by the defendants was not merely a matter of reaping illegitimate income.”

Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.

“They were organized and operating as a traditional business but profiting illegally as the result of the malware,” said one of our cyber agents who worked the case. “There was a level of complexity here that we haven’t seen before.”

Here’s how to check your computer to make sure it is not vulnerable to the Domain Name System (DNS) malware:

The FBI touts the DNS Changer Working Group’s website.

Testing for the presence of the malware is easy. Because it redirects your web traffic from “good” to “bad” sites, a simple test at the DNSChanger Eye Chart can readily discern where it sends you. If the site goes red, you’re in harm’s way. Green means clean.

The FBI also has a lookup form on its website. The user can type in the IP address of the DNS server configured on the machine to find out if it is one of the malicious ones identified by law enforcement authorities.
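The same kind of lookup can be run locally. The following is an added example, not code from the FBI or the DNS Changer Working Group: it reads the DNS servers from resolv.conf-style text and checks each against a list of rogue ranges. The ranges shown are placeholders from the RFC 5737 documentation blocks and the sample input is constructed; substitute the ranges published by law enforcement. A private or loopback address is reported as inconclusive, because it only identifies a local router or stub resolver whose own upstream DNS setting still has to be checked.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not real indicators.
# Replace with the rogue-server ranges published by law enforcement.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Addresses that only identify a local forwarder (home router, local stub).
LOCAL_RANGES = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def _in_any(addr, networks):
    return any(addr.version == net.version and addr in net for net in networks)

def parse_nameservers(resolv_conf_text):
    """Return (valid addresses, unparseable entries) from resolv.conf-style text."""
    good, bad = [], []
    for line in resolv_conf_text.splitlines():
        match = re.match(r"\s*nameserver\s+(\S+)", line)
        if not match:
            continue  # comments, search/options lines, blanks
        raw = match.group(1)
        try:
            good.append(ipaddress.ip_address(raw.split("%")[0]))  # drop IPv6 zone id
        except ValueError:
            bad.append(raw)
    return good, bad

def classify(addr, rogue_ranges=ROGUE_RANGES):
    """'rogue', 'local-forwarder' (inconclusive) or 'not-listed'."""
    if _in_any(addr, rogue_ranges):
        return "rogue"
    if addr.is_loopback or addr.is_link_local or _in_any(addr, LOCAL_RANGES):
        return "local-forwarder"
    return "not-listed"

def audit(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Map every nameserver entry in the text to a verdict string."""
    good, bad = parse_nameservers(resolv_conf_text)
    report = {str(a): classify(a, rogue_ranges) for a in good}
    report.update({entry: "unparseable" for entry in bad})
    return report

# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# /etc/resolv.conf (constructed)
nameserver 192.0.2.53
nameserver 192.168.1.1
nameserver 203.0.113.10
nameserver fe80::1%eth0
nameserver not-an-ip
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE).items():
        print(f"{server:16} {verdict}")
```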

And Kaspersky Lab offers TDSSKiller, a rootkit removal tool, which can also detect DNSChanger and remove it from infected systems.
