Friday, July 6, 2012

DNSChanger Malware Could Knock Thousands of Computers Offline July 9

Thousands of computers are at risk of being unable to use the Internet because of malware from online criminals in a scam last year. Despite an effort to get the word out, as many as 277,000 computers worldwide still cary the hostile software known as DNSChanger.

DNSChanger was discovered in 2007, and may have infected millions of computers over time. The malware worked by detecting what websites its victims browsed, then redirected them to sites under the control of a cybercrime enterprise working from the small Eastern European country of Estonia, where ads were pushed onto the viewers. The criminals were netting millions before the FBI worked with Estonian police to break up the crime ring and confiscated the servers. Six were arrested with a seventh in Russia still at large.

To avoid disrupting those with infected computers, the servers were kept online as word was spread about the malware infections. In January, it was estimated a half million computers had the malware. But on Midnight July 8, the servers will be turned off, and those computers still infected will be unable to get online, at least without taking certain steps. In January, it was estimated a half million computers had the malware. As many as 277,000 computers across the world may still be infected, including as many as 4500 in the United States. Messages, such as the one Google has been showing to users of computers it detected the malware on (shown below), have helped to get the word out.

For those computers still infected, there are a number of places one can go. Among them is a website that a group of security groups and experts set up: www.dcwg.org. Others include:

Hitman Pro (32bit and 64bit versions)

Kaspersky Labs TDSSKiller

McAfee Stinger

Microsoft Windows Defender Offline

Microsoft Safety Scanner

Norton Power Eraser

Trend Micro Housecall

MacScan

Avira


For computers knocked offline, they can still get to Google by typing "173.194.34.72" into their address bar, or to Microsoft with "64.4.11.37".

Internet security company Internet Identity reported at least 60 companies on the Fortune 500 still have infected computers. At the beginning of the year, they believed the number was 250. or 50 percent. For US Government agency computers, the amount infected went down from an estimated 49 percent to 4.

Sources: http://www.dcwg.org/, Forbes, Reuters, Internet News , Google


Bixyl Shuftan

1 comment: