DNSChanger is DNS-hijacking malware that infected about 4 million computers, roughly 300,000 of which are still infected. Users still unaware of the problem will lose Internet connectivity on Monday, July 9th. The Federal Bureau of Investigation (FBI) has seized more than 100 command and control (C&C) systems, but seizing the servers does not repair the infected machines: their DNS settings still point at the seized addresses, and the substitute resolvers that have been answering those queries under court order since the takedown are being switched off on July 9th.
“An educated guess is that the infections are primarily home or small business users,” Vikram Thakur, principal security response manager at Symantec, told Security Watch.
According to Internet Identity (IID), which has been monitoring the clean-up, the newest numbers are down from earlier scans. In March, the company announced that 19% of the Fortune 500 were infected with DNSChanger and that the rate among government agencies was 9%. Last week, IID said its scans showed 12% of Fortune 500 firms were still infected.
“We’re all struggling with this,” said Rod Rasmussen, Chief Technology Officer of IID and a member of the DNSChanger Working Group (DCWG). “There are a lot of people who just haven’t gotten the word.”
DNSChanger hijacked users’ clicks by modifying their computers’ domain name system (DNS) settings so that name lookups went to the criminals’ own resolvers instead of the ISP’s. Those resolvers answered with addresses the criminals chose, shunting victims to hacker-created sites that resembled the real domains. Because the change is made at the DNS layer, it affects every application on the host that resolves names, not just the browser.
The http://dns-ok.us website quickly tells users whether their PC or Mac is likely infected with DNSChanger. It works by observing which resolver the lookup for the site came from, so it reports on the resolver actually in use rather than on the host itself: if DNSChanger changed the DNS settings on a home router, every machine behind that router will show as infected, and a host whose malware has been removed but whose DNS settings were never restored will still show as infected. Checking the configured DNS servers directly is the surer test.
“Detecting security threats with NetFlow or using it for Network Behavior Analysis is a great way to detect internal malware,” said Michael Patterson, Founder/CEO – Plixer.com. “IP Host Reputation using the Emerging Threats list plays a significant role in Advanced Persistent Threat and Command and Control (C&C) malware detection at every one of our customer installations.”
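As an added example (not code from the article, the FBI, or any vendor quoted above), the script below does offline what the dns-ok.us check and the NetFlow approach described above do: it parses a host's configured resolvers from constructed /etc/resolv.conf and ipconfig /all samples and tests them against the rogue resolver ranges, and it scans constructed flow records for internal hosts sending DNS to those ranges or to any resolver outside an approved set. The six network ranges are the ones the FBI published for DNSChanger; they do not appear on this page, and the sample inputs and the trusted-resolver set are made up for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Rogue resolver ranges the FBI published for DNSChanger. Assumption: taken
# from the FBI's public notice, not from the article above.
ROGUE_RANGES = [
    ipaddress.ip_network(n)
    for n in (
        "85.255.112.0/20",
        "67.210.0.0/20",
        "93.188.160.0/21",
        "77.67.83.0/24",
        "213.109.64.0/20",
        "64.28.176.0/20",
    )
]

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def is_rogue_resolver(ip: str) -> bool:
    """True if the address falls inside one of the seized DNSChanger ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ROGUE_RANGES)


def resolvers_from_resolv_conf(text: str) -> list[str]:
    """Configured resolvers from a Unix /etc/resolv.conf (nameserver lines)."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def resolvers_from_ipconfig(text: str) -> list[str]:
    """Configured resolvers from Windows 'ipconfig /all' output. Extra servers
    appear on indented continuation lines holding only an address."""
    found = []
    in_dns = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("DNS Servers"):
            in_dns = True
            found.extend(IPV4.findall(stripped.split(":", 1)[1]))
        elif in_dns and IPV4.fullmatch(stripped):
            found.append(stripped)
        else:
            in_dns = False
    return found


def check_host_resolvers(resolvers: list[str]) -> list[str]:
    """Subset of the configured resolvers that point at the rogue ranges."""
    return [r for r in resolvers if is_rogue_resolver(r)]


def flag_flows(flow_lines, trusted_resolvers: set[str]) -> dict[str, set[str]]:
    """Network-side check over flow records 'src_ip,dst_ip,dst_port,proto':
    report internal hosts sending DNS (port 53) to a rogue range, or to any
    resolver that is not in the approved set (a weaker but still useful signal)."""
    suspects = defaultdict(set)
    for rec in flow_lines:
        src, dst, dport, proto = rec.strip().split(",")
        if dport != "53" or proto.lower() not in ("udp", "tcp"):
            continue
        if dst in trusted_resolvers:
            continue
        tag = "rogue-range" if is_rogue_resolver(dst) else "unapproved-resolver"
        suspects[src].add(f"{dst}:{tag}")
    return dict(suspects)


# Constructed sample inputs (not real captures).
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 85.255.112.36\nnameserver 8.8.8.8\n"
SAMPLE_IPCONFIG = (
    "   Connection-specific DNS Suffix  . :\n"
    "   DNS Servers . . . . . . . . . . . : 93.188.163.10\n"
    "                                       93.188.163.12\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)
SAMPLE_FLOWS = [
    "10.0.0.5,85.255.112.36,53,udp",  # DNS to a seized DNSChanger range
    "10.0.0.7,10.0.0.2,53,udp",       # DNS to the approved internal resolver
    "10.0.0.9,8.8.4.4,53,udp",        # not rogue, but bypasses the approved resolver
    "10.0.0.5,203.0.113.9,443,tcp",   # unrelated HTTPS traffic
]
TRUSTED_RESOLVERS = {"10.0.0.2"}

if __name__ == "__main__":
    print("resolv.conf rogue:", check_host_resolvers(resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)))
    print("ipconfig rogue:  ", check_host_resolvers(resolvers_from_ipconfig(SAMPLE_IPCONFIG)))
    print("flow suspects:   ", flag_flows(SAMPLE_FLOWS, TRUSTED_RESOLVERS))
```

On a real network the flow check is the one to run first: it catches machines and routers whose settings were changed regardless of operating system, and the "unapproved-resolver" tag surfaces any host that quietly stopped using the corporate resolver, which is the symptom DNSChanger produces even after its ranges are no longer routed.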