DNSChanger oozed out of Estonia and may have fouled up as many as a half-million computers in the United States. The feds’ temporary fix to keep the worm from propagating was to replace infected servers with clean surrogates.
Coordinating with the Estonian authorities who arrested those believed responsible for the worm, the FBI set up what amounted to a Maginot Line of temporary servers that would give businesses and private individuals affected by DNSChanger time to cleanse infected systems. However, this may not have been enough to save all the afflicted. Cyber security journalist Brian Krebs writes:
Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan’s DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.
[Internet Identity president and CTO Rod] Rasmussen said there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”
Large network operators unsure as to whether their system is infected can contact the DNS Changer Working Group for assistance here. Private users may be able to ferret out a localized infection by following steps outlined here, at DCWG.org.