Architecture, Network security, Strategy, Threats, Malware

Four-month extension request approved in DNSChanger case

March 6, 2012

For those who haven't noticed if their systems are infected with the DNSChanger malware, there is still time.

A judge on Monday granted a request to allow for a four-month extension of the operation of temporary DNS servers, allowing malware-infected PCs to stay connected to the internet until they are swept clean of the virus.

According to the federal court order, published by security blogger Brian Krebs, the replacements of the rogue servers used in the malware distribution will not be disconnected for another 120 days, giving businesses and governments additional time to react to the infections.

Security firm Internet Identity (IID) reported early last month that roughly half of Fortune 500s and U.S. government agencies are still grappling with the epidemic. Of the nearly three million PCs infected worldwide, at least 500,000 are in the United States.

According to the IID report, “If an enterprise's employee has DNSChanger on their computer, it means that enterprise is susceptible to having their proprietary information stolen.”

IID updated its infection figures last week, indicating a major downturn in the number of affected enterprises. The extension given on Monday could lead to an even more dramatic decrease in the contagion.

As well as disabling anti-virus and software updates for users, the DNSChanger malware redirects infected computers to malignant sites via the rogue DNS servers used, which, according to the federal court order, were located at data centers in Manhattan and Chicago.

While businesses and government agencies were a target of the trojan, home users were also affected, which hauled in $14 million, according to the FBI.

Arrests in relation to the attack -- which hauled in an estimated $14 million, according to the FBI -- were made in November following a two-year investigation, dubbed Operation Ghost Click.

The FBI is currently seeking the extradition of six Estonian nationals linked to the attacks, who, according to them, used the malware to “manipulate the multi-billion-dollar internet advertising industry.”

prestitial ad