DNSChanger, FBI’s internet blackout postponed from 8 March to 9 July

Many people are asking me for updates on the DNSChanger case, which has kept many network users holding their breath. Over the last months, news has circulated on the Internet about a blackout of the Internet for millions of users, planned for 8 March and decided by the FBI to deal with cyber threats. The action is meant to stop the spread of the DNSChanger Trojan, malware that has infected millions of computers all over the world in more than 100 countries. The story begins last year, when a group of people was arrested in Estonia, accused of having developed the dreaded Trojan, which seems to be able to spread with surprising ease.
Under a court order, expiring March 8, the Internet Systems Corporation is operating replacement DNS servers for the Rove Digital network. This will allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines.

What does the DNS Changer Malware do?
The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS servers in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet. Once the cyber crime was discovered, the FBI replaced the Trojan's DNS infrastructure with surrogate, legitimate DNS servers to give businesses and private individuals affected by DNSChanger time to cleanse infected systems. By replacing the command server, the feds prevented the worm's propagation. The FBI took over the botnet's command-and-control (C&C) servers in November as part of Operation Ghost Click.
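A check for the altered DNS settings described above, as an added example that is not part of the original article: it parses resolv.conf-style resolver settings collected from hosts and flags any nameserver that falls inside a list of rogue ranges. The ranges below are RFC 5737 documentation placeholders, and the host names and configurations are constructed; substitute the rogue DNS ranges published for DNSChanger.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue
# DNS ranges: replace them with the ranges published for DNSChanger.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n)
                    for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample data: resolv.conf contents collected from three hosts.
FLEET = {
    "ws-014": "search corp.example\nnameserver 192.0.2.53\n"
              "nameserver 198.51.100.200\n",
    "ws-015": "nameserver 10.0.0.2  # internal resolver\n"
              "nameserver 2001:db8::53\n",
    "ws-016": "# nameserver 192.0.2.9\nnameserver not-an-ip\n"
              "nameserver 198.51.100.7\n",
}


def parse_nameservers(resolv_conf):
    """Return resolver addresses from resolv.conf-style text, skipping junk."""
    servers = []
    for line in resolv_conf.splitlines():
        # Drop comments ('#' or ';') before looking at the directive.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed entry: not a usable resolver address
    return servers


def rogue_resolvers(resolv_conf, ranges=ROGUE_DNS_RANGES):
    """List configured resolvers that sit inside any rogue range."""
    return [str(ip) for ip in parse_nameservers(resolv_conf)
            if any(ip in net for net in ranges)]


def audit_fleet(configs, ranges=ROGUE_DNS_RANGES):
    """Map each host with at least one rogue resolver to those resolvers."""
    hits = {host: rogue_resolvers(text, ranges) for host, text in configs.items()}
    return {host: found for host, found in hits.items() if found}


if __name__ == "__main__":
    for host, found in sorted(audit_fleet(FLEET).items()):
        print(f"{host}: DNS points at rogue resolver(s) {', '.join(found)}")
```
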

To counter the threat, the Federal Bureau of Investigation initially planned to shut down several DNS servers (domain name servers) on March 8, with the undesirable side effect of blocking millions from using the Internet. DNSChanger changes the DNS settings of the infected system, hijacking web traffic to unwanted and infected sites. Despite the appeals made by the press and major law enforcement agencies, the situation is far from reassuring, because too many PCs are still infected and would potentially be harmed by the planned blackout. More than 3 million PCs worldwide were still infected with DNSChanger, which is the main reason that prompted authorities to extend the period before the planned shutdown of the surrogate servers.

Last week a federal judge issued an order postponing the blackout of the surrogate servers by 120 days, to give companies, businesses and governments more time to arrange their response to the threat.

A special task force was also set up to provide support for private companies, and the necessary instructions for removing the malware were published on the site DCWG.org.

A copy of the court order extending the deadline until July 9, 2012 is available on the following link.

Pierluigi Paganini

References

http://krebsonsecurity.com/2012/03/court-4-more-months-for-dnschanger-infected-pcs/

http://securityaffairs.co/wordpress/2682/malware/dnschanger-and-legal-consequences-of-operation-ghost-click.html