We have been hearing warnings that some users will lose access to Internet resources on July 09, 2012, because of the DNSChanger malware attack. This is the last chance for companies and users to clean this malware from their systems, as the FBI may pull the plug on domains related to the DNSChanger malware. Around 60 Fortune 500 companies, 64,000 users in the United States, and 200,000 additional users outside the United States may suffer the Internet shutdown on July 9 if their systems are still infected with the malware.
Since the first attack, DNSChanger has grown to its peak, earning its operators more than $14 million in affiliate and referral fees by redirecting the browsers of infected users to sites the operators designed. The DNSChanger Working Group has set up a website to help users determine whether their machines are infected. If the graphic on the website has a green background, the user's site is not infected with the malware; a red background means it is infected. The group has also published a FAQ page, which further helps users determine the status (infected or clean) of their site.
The FBI started ‘Operation Ghost Click’ to deal with the issue and seized more than 100 servers hosted at U.S. data centers in order to replace those servers and allow infected computers to keep using the Internet. On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital” and distributed DNS-changing viruses, variously known as TDSS, Alureon, TidServ and TDL4. The virus was part of an international scheme to set up a widespread online advertising network on the infected machines, controlled through DNS systems run by the hacker group. Monday will mark the final phase of ‘Operation Ghost Click’.
The FBI was supposed to flip the kill switch on March 8 of this year but decided to file for an extension to help victims resolve the problem. The FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers, but those clean DNS servers will be turned off on July 9. This means all infected machines will lose access to the Internet on Monday. To avoid this shutdown, go to DCWG to learn more about DNSChanger, find out whether your computer is infected, fix the infection, and protect your system from future attacks once the problem has been fixed.