Deadline for cutoff of DNS Changer infected PCs extended until July 9, 2012
On February 14, 2012, I wrote a blog article alerting my readers about the pending cutoff date of March 8, 2012, for Internet access for computers infected with the DNSChanger malware. The title told it all: "PCs infected with DNS Changer to lose Internet connections on March 8, 2012." I learned today (March 6) that a Federal Court has granted the FBI's request to extend the cutoff date until July 9, 2012 (Read PDF of Court Order).
When I published my article there were still an estimated 400,000 PCs in the USA infected with this malware. Many of these infected PCs belong to Fortune 500 companies and even parts of the US Federal Government, Millions more are still infected around the World. This extension of the cutoff date is to allow more time for the large entities in business and Government circles to search for and disinfect their compromised computers. It is a monumental task and many companies have already stretched the IT personnel and budgets to the limit, sniffing out any infected machines on their premises.
It was back in early November, 2011, that the FBI filed an indictment against an Estonian crime gang whose members were accused of creating and operating the "DNS Changer" malware and botnet. Search and seize warrants were obtained and the servers being used by the criminals running this enterprise were seized and taken offline. The named suspects have been arrested and are awaiting extradition, or have already been extradited to the USA, to face charges in a US Federal Court.
But, there was a downside to this victory. Innocent victims were unknowingly having all of their Internet connectivity routed though those "rogue" DNS servers that were taken down by the FBI and DOJ.
The computers and routers that had been infected with the DNS Changer malware were instructed by the Trojan to obtain all of their Internet access by going through one of the command and control servers that were taken down by the FBI. When the servers were disconnected, so was Internet access for all infected machines!
In order to minimize damage to those machines, a Judge ordered a New York hosting company to take over supplying IP connectivity to those infected PCs and routers. All requests from the "infectees" were rerouted to these interim servers, allowing the owners of the infected machines to happily go about their web browsing, online banking, auctioning, emailing, FTP-ing an IM-ing. Further, the Court set a cutoff date of March 8, 2012 for the company assigned to act as go-between for the infected machines.
In the meantime, ISPs and IP connectivity providers were notified about the IP addresses found in the log files of the seized malware servers. Owners of infected machines and routers were and still are being identified and being contacted by their ISPs or connectivity providers. It has been discovered that this process is taking much longer than anticipated when a Federal Court assigned a March 8, 2012 cutoff date for the handling of requests from the infected machines.
You can get more details in my previous blog article about the DNS Changer malware, how it affects computers and routers and links you can use to check if your systems have become compromised by this malware.
One final word: Now that we have been granted another 4 months to discover infected computers and routers, let's get to work doing so. I have checked my DNS servers and found them to be correct and clean. You can check your DNS servers here, if you are English speaking. There are equivalent DNS checking services in other languages, like http://dns-ok.de/ for German speaking Netizens.
Keep your Windows PCs patched via Windows Updates and your anti-virus software up to date with daily definitions updates. Scan for threats every night, before shutting down your PC, or yourself ;-). One of the symptoms of a DNS Changer infection is that Windows Updates and anti-virus programs get turned off. If you find that you cannot access Windows Updates or update your security programs, contact a competent computer technician or computer troubleshooter.
Trend Micro Internet Security products, for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
Movable Type 4.38