Slashdot Mirror


FBI Takes Out $14M DNS Malware Operation

coondoggie writes "U.S. law enforcement today said it had smashed what it called a massive, sophisticated Internet fraud scheme that injected malware in more than four million computers in over 100 countries while generating $14 million in illegitimate income. Of the computers infected with malware, at least 500,000 were in the United States, including computers belonging to U.S. government agencies, such as NASA."

15 of 57 comments

  1. Last Post by Anonymous Coward · · Score: 3, Funny

    Posted from one of the bots.

  2. Nice job Feds. Credit when credit is due. by bazmail · · Score: 4, Insightful

    Sometimes you just gotta hand it to 'em

    1. Re:Nice job Feds. Credit when credit is due. by houstonbofh · · Score: 4, Funny

      Sometimes you just gotta hand it to 'em

      Other times, they just take it... :)

    2. Re:Nice job Feds. Credit when credit is due. by AHuxley · · Score: 2

      $378.4bn into "dollar accounts" you get a $110m "forfeiture" i.e. 2% of your bank's $12.3bn profit.
      http://www.guardian.co.uk/world/2011/apr/03/us-bank-mexico-drug-gangs
      So strange how different parts of the US gov can find the cash and time to hunt cyber millions but fail to get a court to understand drug billions....

      --
      Domestic spying is now "Benign Information Gathering"
  3. Operating systems stats? by agm · · Score: 2

    It would be interesting to see the breakdown of the operating systems the infected computers were running.

    1. Re:Operating systems stats? by Baloroth · · Score: 4, Informative

      The FBI info PDF on the malware (DNSChanger) lists instructions for checking OSX to see if you're infected. It also mentions the malware changes router settings if they are still at defaults. I'm guessing it infects Windows and Mac, with Linux/FreeBSD/Hurd being unaffected as per usual.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    2. Re:Operating systems stats? by Baloroth · · Score: 2

      Link looks bad, I know. (pretty sure it's clean) That is an advisory for the malware in question (DNSChanger) affecting Mac OSX.... so no, it isn't rhetorical. The time of Windows being the only possible infected system is past. Probably thanks to Apple's meteoric rise in popularity.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    3. Re:Operating systems stats? by gsgriffin · · Score: 2

      This doesn't have to be an OS thing. Look into MiM and MitB and you'll see that it is now browser based.

      --
      jsut athnoer menagiensls ltitle psrhae for you to dcoede. Why do we wtsae our tmie dnoig tihs?
    4. Re:Operating systems stats? by nepka · · Score: 2

      Sorry, but if you read TFA it says it affected OSX too.

  4. 4 million? MASSIVE?!? by ackthpt · · Score: 3, Interesting

    That's like claiming the interception of one bale of weed at the Mexican Border is a Major Interdiction.

    Still, glad they're doing something. Every little bit helps.

    --
    A feeling of having made the same mistake before: Deja Foobar
  5. FBI stops DNS poisoning scheme by Compaqt · · Score: 4, Funny

    The FBI managed to stop MAFIAA from passing PROTECT-IP?

    --
    I'm not a lawyer, but I play one on the Internet. Blog
  6. Of course, there are some remaining problems... by Arrogant-Bastard · · Score: 3, Interesting

    ...because there are now 4 million pre-compromised systems in the field. It's a certainty that they are now all attractive targets for anyone clever enough to detect them and acquire control of them. I think chances are quite good that as you're reading this, more than one person/group is attempting that very thing. They'll probably succeed. And when they do, they'll use yet another C&C mechanism to organize them, harness them, and get on to whatever mischief they choose.

    Seen in that context, this announcement is just a PR exercise. It has no real significance.

  7. How to check DNS server settings on OS X by DrProton · · Score: 3, Informative

    This is good on Lion and Snow Leopard AFAIK: networksetup -getdnsservers Ethernet Wi-Fi

    This command has extensive help: networksetup -help

    I use networksetup every day. I have numerous makefile targets that change my network settings based on my location. I'm a road warrior changing networks frequently and using a VPN and ssh to connect to the corporate network.

    --
    "Mit der Dummheit kaempfen Goetter selbst vergebens." - Schiller
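The check above, as an added example that is not part of the thread or of any Apple or FBI material: a small script that runs `networksetup -getdnsservers` for every network service macOS lists and flags any resolver that falls inside a list of suspect prefixes. The prefix list is a constructed placeholder (RFC 5737 documentation ranges), not the real rogue resolver ranges; the function names `has_suspect_resolver` and `audit_macos_dns` are my own.

```shell
#!/bin/sh
# Added example, not code from the Slashdot thread: audit the DNS resolvers
# configured on each macOS network service with `networksetup` and flag any
# that fall in a list of suspect resolver prefixes.
#
# ASSUMPTION: the prefixes below are constructed placeholders (RFC 5737
# documentation ranges), not the real rogue resolver ranges; substitute a
# vetted list from your own incident data or a vendor advisory.
SUSPECT_PREFIXES="203.0.113. 198.51.100."

# has_suspect_resolver: read the output of `networksetup -getdnsservers
# <service>` on stdin, print any resolver matching a suspect prefix, and
# succeed (exit 0) when at least one matched, so it can sit directly in an `if`.
has_suspect_resolver() {
    hs_found=1
    while IFS= read -r line; do
        # macOS prints this sentence when no resolvers are set manually.
        case "$line" in
            "There aren't any DNS Servers set on"*) continue ;;
            "") continue ;;
        esac
        for prefix in $SUSPECT_PREFIXES; do
            case "$line" in
                "$prefix"*)
                    printf 'SUSPECT resolver: %s\n' "$line"
                    hs_found=0
                    ;;
            esac
        done
    done
    return $hs_found
}

# audit_macos_dns: run the check for every network service that networksetup
# lists. Returns 0 if nothing suspect was found, 1 if something was, and 2
# when networksetup is unavailable (i.e. not running on macOS).
audit_macos_dns() {
    if ! command -v networksetup >/dev/null 2>&1; then
        echo "networksetup not found; this audit only runs on macOS" >&2
        return 2
    fi
    svc_list=$(mktemp) || return 2
    # The first output line is a header; a leading '*' marks a disabled service.
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' > "$svc_list"
    audit_found=0
    while IFS= read -r svc; do
        printf '== %s ==\n' "$svc"
        if networksetup -getdnsservers "$svc" | has_suspect_resolver; then
            audit_found=1
        fi
    done < "$svc_list"
    rm -f "$svc_list"
    return $audit_found
}

# On macOS this prints the audit result; elsewhere the function reports why
# it cannot run and the script simply continues.
if audit_macos_dns; then
    echo "No suspect resolvers found in manually configured DNS settings."
fi
```

One caveat worth knowing before trusting a clean result: `networksetup -getdnsservers` only reports resolvers that were set by hand on that service. Resolvers handed out by DHCP (for example from a home router whose settings were changed, the case the FBI document describes) do not appear there; `scutil --dns` shows the resolvers the system is actually using, so feed that output through the same prefix check as well.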
  8. Re:Windows+Router attack, not OSX by elp · · Score: 2

    I read the link but it didn't mention OSX.

    Let me guess, a Windows turfer? Because you misled people into thinking it was OSX, and added 'Linux' compliment on to get votes.

    Instructions for apple are on page 4 half way down. Did you fail reading in high school?

  9. Re:easier to kick infested machines off? by rdebath · · Score: 2

    I doubt it. There was a story yesterday that 60% of malware found in the wild has no AV-software coverage.

    Why should that be a surprise? AV software is installed on every vulnerable PC sold and even without updates it mostly protects against all the old threats. Even after that there is a pretty good chance its infernal nagging for a credit card will get an updated AV installed, with or without a CC. The "mindshare" has been built, everybody believes that Windows must have anti-virus.

    But, as has been said repeatedly the AV industry is reactive (though they are starting to try to solve the HARD problem of being intelligently proactive) so all an attacker has to do is make sure that the initial infection vector is obscure. If the initial infection disables the AV it can then download anything; including corpses of old viruses to blame and new updates to run with. The result is that the initial infecting agent will probably no longer exist on the machine, either the botnet will have been upgraded to the most recent version, which isn't yet on the AV list, or the initial infector will be hidden away to try and stop it getting on the lists at all.

    When I consider it, if I was in "the business", I'd be trying pretty hard to keep information out of the hands of the AV "white hats" and it wouldn't really be difficult, I'd just have to keep changing things to keep one step ahead.