Half of Fortune 500s, US Agencies Still Infected With DNSChanger Trojan

← Back to Stories (view on slashdot.org)

Half of Fortune 500s, US Agencies Still Infected With DNSChanger Trojan

Posted by samzenpus on Sunday February 5, 2012 @03:58AM from the still-here dept.

tsu doh nimh writes "Two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies. Internet Identity, a Tacoma, Wash. company that sells security services, found evidence of at least one DNSChanger infection in computers at half of all Fortune 500 firms, and 27 out of 55 major government entities. Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan's DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web. The FBI is currently debating whether to extend the deadline or let it expire."

112 comments

Min score:

Reason:

Sort:

Just goes to show you by koan · 2012-02-05 04:00 · Score: 4, Insightful

The only people in IT that know what they are doing are the "hackers".

--
"If any question why we died, Tell them because our fathers lied."
1. Re:Just goes to show you by betterunixthanunix · 2012-02-05 04:07 · Score: 4, Insightful
  
  Unfortunately, proving that you are better than a company's security staff often involves committing a crime, which looks bad when you are applying for a job later in life. Not everyone can be an independent consultant like Kevin Mitnick.
  
  --
  Palm trees and 8
2. Re:Just goes to show you by Anonymous Coward · 2012-02-05 04:26 · Score: 0
  
  What OS does DNSChanger run on?
3. Re:Just goes to show you by koan · 2012-02-05 04:26 · Score: 1
  
  Wow how wrong you are, you simply say to the corporation "I'm a security consultant want to watch me get through your security?" they say "yes", you say "pay me" and then show then how insecure their network truly is.
  It's not as though there are any shortages of hacking stories out there, take the STARTFOR hack recently, 200 gigs of data moved off the network and no one noticed? Unencrypted credit card data? Those seem like newb mistakes to me so they obviously could have benefited from a security audit by someone that is knowledgeable in hacking.
  
  --
  "If any question why we died, Tell them because our fathers lied."
4. Re:Just goes to show you by maxwell+demon · 2012-02-05 04:40 · Score: 1
  
  Wow how wrong you are, you simply say to the corporation "I'm a security consultant want to watch me get through your security?" they say "yes", you say "pay me" and then show then how insecure their network truly is.
  Wow. it's that easy to get into a corporate network? After all, you might be employed by the competition to steal your corporate secrets.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
5. Re:Just goes to show you by betterunixthanunix · 2012-02-05 04:41 · Score: 4, Insightful
  
  Wow how wrong you are, you simply say to the corporation "I'm a security consultant want to watch me get through your security?" they say "yes", you say "pay me" and then show then how insecure their network truly is.
  Right, because the company is not going to ask to see your credentials before they pay you to attack their system. How do you get your credentials as a security consultant in the first place? How does anyone know that your time is worth paying for?
  
  --
  Palm trees and 8
6. Re:Just goes to show you by Anonymous Coward · 2012-02-05 04:51 · Score: 0
  
  Hence the rise of penetration testing certifications.
  And if they have any brains at all they don't keep their "corporate secrets" where anyone can get them.
7. Re:Just goes to show you by Chris+Mattern · 2012-02-05 05:36 · Score: 2
  
  Wow how wrong you are,they say "yes", you say "pay me" and then show then how insecure their network truly is.
  Wow, you have no conception of how corporation politics work, do you? You simply say to the corporation "I'm a security consultant want to watch me get through your security?" and they say, "If you attempt to hack our systems we will prosecute you to the fullest extent of the law."
8. Re:Just goes to show you by davester666 · 2012-02-05 05:46 · Score: 1
  
  All you need are fancy laminated business cards. It's proof you are a professional.
  
  --
  Sleep your way to a whiter smile...date a dentist!
9. Re:Just goes to show you by koan · 2012-02-05 06:16 · Score: 1
  
  What coincidence:
  http://news.slashdot.org/story/12/02/05/1635243/job-seeking-hacker-gets-30-months-in-prison
  
  --
  "If any question why we died, Tell them because our fathers lied."
10. Re:Just goes to show you by Anonymous Coward · 2012-02-05 06:23 · Score: 0
  
  That's why you ask permission "WANT to watch" obviously the OP's over simplification of the process gave you plenty of ammo for rebuttal however the gist of what he/she is saying is right on the money.
  So, to give back what you gave, "Wow you obviously have no reading comprehension or assessment of the actual point"
11. Re:Just goes to show you by Sir_Sri · 2012-02-05 06:46 · Score: 3, Insightful
  
  That's sort of the point. If they had any brains we wouldn't need to be telling the CEO not to have his password on a post it note on his monitor.
12. Re:Just goes to show you by Runaway1956 · 2012-02-05 06:54 · Score: 2
  
  Uhhhhh - no. Laminated business cards? That's geek, not professional. Pros get those cool embossed stiff paper business cards. Laminated is just to protect a geek's card from Cheeto dust.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
13. Re:Just goes to show you by couchslug · 2012-02-05 07:00 · Score: 1
  
  Which is why I'd never do that. Fuck 'em. No one who may be hostile to me gets my help. I laugh at their misfortune and wish them more of same.
  Shoot all the messengers ya want, I won't be among them.
  
  --
  "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
14. Re:Just goes to show you by Anonymous Coward · 2012-02-05 07:36 · Score: 0
  
  The only people in IT that know what they are doing are the "hackers".
  Well, in this case it sounds like Bubba is doing the hackers.
15. Re:Just goes to show you by FoolishOwl · 2012-02-05 08:08 · Score: 1
  
  Also, I believe best practices for penetration testing involves negotiating the parameters for the testing and documenting them in a contract. Otherwise it's risky for both sides of the transaction.
16. Re:Just goes to show you by HomelessInLaJolla · 2012-02-05 10:26 · Score: 1
  
  Precisely reflected by "Wheel of Fortune"... Those people have more money, we are more intelligent and solve the puzzle.
  
  --
  the NPG electrode was replaced with carbon blac
17. Re:Just goes to show you by silverglade00 · 2012-02-05 12:10 · Score: 2
  
  If they had any brains, they would know that the CEO does not need access to individual customer's credit card numbers and only needs high level reporting data so getting his password off the monitor wouldn't reveal anything that isn't published on the company's press release page.
18. Re:Just goes to show you by deek · 2012-02-05 13:09 · Score: 2
  
  The only people in IT that know what they are doing are the "hackers".
  Actually, if you think about it, the crackers have a much much easier time of it. They only have to find one security issue. The people in IT have to try and cover ALL security issues. Never mind the fact that it's impossible to cover all security issues, because IT staff don't always have access to source code, are not always expert programmers, and don't necessarily know the best security practices for all programming languages.
19. Re:Just goes to show you by kangsterizer · 2012-02-05 14:45 · Score: 1
  
  The only people in IT that know what they are doing are the "hackers".
  Yes and no. Hackers hack each other rather often, making the other hacker look "dumb".
  But then the other hack hacks the first one back.
  Then which one is better than the other uhm?
  Well none. This stuff is just too darn complex to figure out all the variables at any point in time. You can just focus on some thing and make them better, or break them.
  Or focus on the general issues and try to manage/detect/solve issues on a larger scale.
  Or, of course, be a true genius (true being the keyword here), or redesign your entire hardware and software stack (and i do mean entire, including the os, and so on). In fact, some attempted this at least on the software side, but since no software run on those, even if they're a lot more secure by design, it doesn't help much.
20. Re:Just goes to show you by Anonymous Coward · 2012-02-05 15:21 · Score: 0
  
  Good point all the more reason to keep your important data offline, it really is that simple.
21. Re:Just goes to show you by Anonymous Coward · 2012-02-05 17:40 · Score: 1
  
  no, you've still got it simplified, you need to grab all the security problems on the network, in the order of most politically feasible to fix to least. One does not simply walk in to mordor. You pick on the little guys first, then the bigs get you axed for not "noticing" the stuff they knew was a problem.
22. Re:Just goes to show you by Anonymous Coward · 2012-02-06 02:38 · Score: 0
  
  What OS does DNSChanger run on?
  Hmmm... Well, if I was trying to maximize my efforts, I suppose I'd make the trojan for the OS with about 90% of the desktop market share. It would be stupid to spend a lot of time attacking an OS without a big user base, right?
  Oh wait... That was a snide rhetorical question, wasn't it?
23. Re:Just goes to show you by Kamiza+Ikioi · 2012-02-06 02:39 · Score: 1
  
  Wow how wrong you are, you simply say to the corporation "I'm a security consultant want to watch me get through your security?" they say "yes", you say "pay me" and then show then how insecure their network truly is.
  Right, because the company is not going to ask to see your credentials before they pay you to attack their system. How do you get your credentials as a security consultant in the first place? How does anyone know that your time is worth paying for?
  Your first few jobs are payment after proving what you can do. They put a special file on the server. They pay you if you can produce the file for them. After they pay you, you tell them what you did and how to fix it.
  It's not hard to build a relationship of trust, work your way up with respectable clients, and having a degree in cyber crime doesn't hurt either.
  
  --
  I8-D
24. Re:Just goes to show you by Anonymous Coward · 2012-02-06 04:01 · Score: 0
  
  Yes but the CEO will start shouting "what do you mean, I don't have access to all the data?! I'm the goddamn CEO, bitch!" and then IT will add him to some superuser group just to shut him up.
25. Re:Just goes to show you by thetoadwarrior · 2012-02-06 07:02 · Score: 1
  
  Clearly companies aren't hiring enough people with MBAs.
26. Re:Just goes to show you by silverglade00 · 2012-02-06 08:52 · Score: 1
  
  True. I was including the CEO in the "if they had brains" group... Ahh, there's the problem.
Oh boo hoo by Anonymous Coward · 2012-02-05 04:00 · Score: 2, Insightful

Maybe loss of service will finally motivate owners/managers to clean up the problem.
1. Re:Oh boo hoo by WrongSizeGlass · 2012-02-05 04:14 · Score: 4, Insightful
  
  As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan's DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.
  
  Maybe loss of service will finally motivate owners/managers to clean up the problem.
  You're right. The only way that most of these companies or government agencies will even realize that they are infected/affected will be when some of their PC's stop working properly.
2. Re:Oh boo hoo by Anonymous Coward · 2012-02-05 06:11 · Score: 0
  
  Or they could do it halfway, Have one out of every X number of requests return the server that they control. That server should return a page explaining the situation for every get request for an file extension that would contain html (like html, htm, asp, aspx, cfm, jsp, etc.) and a 404 for everything else. Everyday closer to the deadline decrease the X variable on the dns server.
3. Re:Oh boo hoo by rrohbeck · 2012-02-05 10:32 · Score: 2
  
  Exactly. Just modify the DNS on the servers so that every entry goes to a server in fbi.gov that says "Your computer is infected and here's how to get rid of that."
  
  --
  thegodmovie.com - watch it
Fuck'em by hannson · 2012-02-05 04:01 · Score: 4, Insightful

Just shut it down, it forces them to deal with it.
1. Re:Fuck'em by Anonymous Coward · 2012-02-05 07:00 · Score: 0
  
  Fully agree!
  "Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web. "
  Perfect, the solution is already there. Only the stupid "infected" owners will be penalized. Love it.
2. Re:Fuck'em by Antibozo · 2012-02-05 07:11 · Score: 4, Insightful
  
  They should have shut it down in the first place. It's wildly irresponsible and stupid for the FBI to have set up a replacement infrastructure.
  Presumably the hosts that are compromised had a vulnerability. Leaving a working infrastructure in place has masked the signal not only that DNSChanger was installed, but that there might be an unpatched vulnerability. If they'd shut it down, staff would have looked at the boxes and identified that there was malware installed, then cleaned up the boxes in the process and fixed their patching process. Who knows what additional malware may have been installed in the interim using the same or other unpatched vulnerabilities, because the FBI meddled?
  In addition, by taking the responsibility for maintaining a DNS infrastructure, they run the risk of contributing to another mass compromise if the replacement infrastructure is itself compromised or becomes the victim of a cache poisoning attack.
  Stupid, stupid, stupid.
Cause is obvious by SlithyMagister · 2012-02-05 04:02 · Score: 5, Funny

Half of all Fortune 500 Companies run Symantec Endpoint Protection as the AV "solution"
1. Re:Cause is obvious by rubycodez · 2012-02-05 04:41 · Score: 0, Flamebait
  
  and all of them run Windows thinking it's an actual "operating system".
2. Re:Cause is obvious by rubycodez · 2012-02-05 05:14 · Score: 1
  
  guess again, I don't run OSX. still fantasizing about me, eh? get a boyfriend, my man
3. Re:Cause is obvious by Billly+Gates · 2012-02-05 09:55 · Score: 1
  
  You mean the only operting system that can be remotely managed, has the business apps, supports Office (with outlook), has support from every IT professional in existence, can run on every PC ever made, wont break with an apt-get, ... not so real OS?
  Sorry the age of green screen CRT terminals died over 2 decades ago. Not one is going to switch to the IBM mainframe or a big unix box.
  The Wintel PC is here to stay in the Office.
  
  --
  http://saveie6.com/
4. Re:Cause is obvious by Anonymous Coward · 2012-02-06 05:01 · Score: 0
  
  Half of all Fortune 500 Companies run Symantec Endpoint Protection as the AV "solution"
  No AV solution currently will stop the aggressive malware. But Symantec and most AV solutions will block the other 99%. So it makes perfect sense for bigger companies to use a corporate av client that can be centrally managed. Your comment shows you've never managed 150k machines before.
5. Re:Cause is obvious by rubycodez · 2012-02-07 04:40 · Score: 1
  
  ha! Windows *doesn't* run on every personal computer, only those with x86 compatible processor. Plenty of *real* operating systems are portable. Windows doesn't have the support of IT professional in existence, plenty of IT people deal only with other platforms, like me. Outlook plus Windows stack has been responsible for billions of dollars in lost time and data from being a malware portal. It is such a farce that so many pretend that it is a real business or enterprise grade operating system.
  
  Part of my living has been throwing the wintel PC out of big operations, plenty of executives are sick of it.
Redirection? by mehrotra.akash · 2012-02-05 04:08 · Score: 4, Interesting

After the deadline, for a few weeks, redirect all traffic from these machines to a page explaining the issue
Or for some time before the deadline,randomly redirect some requests to a page explaining that the computer is infected and internet will not be usable from the deadline onwards.
1. Re:Redirection? by ae1294 · 2012-02-05 04:24 · Score: 1, Troll
  
  After the deadline, for a few weeks, redirect all traffic from these machines to a page explaining the issue
  Or for some time before the deadline,randomly redirect some requests to a page explaining that the computer is infected and internet will not be usable from the deadline onwards.
  Nah, Goatse and Rickroll'em
pathetic by Anonymous Coward · 2012-02-05 04:11 · Score: 3, Insightful

You just know there are tons of unemployed admins who could easily sort this shit out but instead these companies hired some douchebag fratboy who flunked out of law school to run their networks...
1. Re:pathetic by sgt+scrub · 2012-02-05 04:29 · Score: 4, Funny
  
  The guy in charge of hiring is the bosses son and he "knows the internet".
  
  --
  Having to work for a living is the root of all evil.
2. Re:pathetic by Sir_Sri · 2012-02-05 07:27 · Score: 1
  
  Probably not really. The smalled fortune 500 companies, D.R. Horton and Seaboard both have over 3000 employees (and seaboard is up around 9k), with even that many computers it would be fairly hard to be 100% sure all of them are clean all the time, especially across multiple sites and all that.
"27 out of 55 major government entities" by canada_dry · 2012-02-05 04:11 · Score: 1

Who else thinks they should let the surrogate servers expire? Can you imagine the swift response to correct the problem when the government workers find out they can't surf pr0n all day!
1. Re:"27 out of 55 major government entities" by AliasMarlowe · 2012-02-05 04:16 · Score: 1
  
  Can you imagine the swift response to correct the problem when the government workers find out they can't surf pr0n all day!
  Hey, don't exaggerate. They aren't surfing pr0n all day; just for eight hours (maybe less if they're in late or leave early).
  
  --
  Those who can make you believe absurdities can make you commit atrocities. - Voltaire
2. Re:"27 out of 55 major government entities" by yesteraeon · 2012-02-05 04:44 · Score: 1
  
  Hey don't sell them short! We only know about the pr0n surfing they're doing at work. They're probably putting in another solid 8 hours at home!
3. Re:"27 out of 55 major government entities" by flyingfsck · 2012-02-05 06:18 · Score: 1
  
  Come on, they only leave early to compensate for being in late.
  
  --
  Excuse me, but please get off my Pennisetum Clandestinum, eh!
4. Re:"27 out of 55 major government entities" by gtall · 2012-02-05 23:03 · Score: 1
  
  You do realize that the penalty for surfing porn on government equipment is loss of government job? But thanks for helping spread the myth that government workers do nothing all day. In most cases, they have the worst jobs available, they have to put up with you, the unthinking public. You are the people who believe in JFK conspiracies, UFOs, that the Jews control everything, the Twin Towers was a CIA/FBI plot, etc.
Why, when you can shame 'em too? by Zocalo · 2012-02-05 04:16 · Score: 5, Insightful

Just re-configure the surrogate DNS servers to return the same reply to every query and point all traffic towards an FBI server hosting a web page that explains what's happened and why they are seeing the web page they are. May as well make mention of the fact that the DoJ has apparently been sending out email notifications followed up with snail mail version of these infections to the designated WHOIS abuse/tech contacts for IP ranges showing infected hosts, just in case they hadn't already figured it out for themselves. I don't think it'll take too long before someone in senior management figures out what that implies and goes for a walk over to the IT department with a clue-by-four.

--
UNIX? They're not even circumcised! Savages!
1. Re:Why, when you can shame 'em too? by maxwell+demon · 2012-02-05 04:20 · Score: 1
  
  Just re-configure the surrogate DNS servers to return the same reply to every query and point all traffic towards an FBI server
  I don't think the FBI would have any interest in DDoSing their own server ...
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
2. Re:Why, when you can shame 'em too? by yesteraeon · 2012-02-05 04:42 · Score: 1
  
  They're already receiving all DNS requests from the infected systems, I think they could probably handle serving up a lightweight web page in addition to this.
3. Re:Why, when you can shame 'em too? by dissy · 2012-02-05 06:18 · Score: 2
  
  The FBI is partnered up with GoDaddy, who historically they let handle these types of things.
  They can let GoDaddy host the page, and their network wouldn't even notice it next to the other billion and a half parked and expired domain auction pages.
  I'd be a little surprised of GoDaddy isn't who is currently providing the DNS infrastructure for what they are already doing anyway.
  A tiny text web page with no graphics could easily come in at under 2kb.
  Their servers support Z compression, so at least for all non-IE6 browsers the data transferred over the wire will be even less than that.
  Of course if the FBI is logging all the DNS lookups from infected computers, to add that data to their massive database-of-such-things, then perhaps they will renew the court order and keep silently redirecting people like they have been, to continue recording...
4. Re:Why, when you can shame 'em too? by Anonymous Coward · 2012-02-05 07:39 · Score: 0
  
  Meh, host it somewhere resilient, add some ads at the bottom, profit.
  
  Better make sure the ads are OK though ;).
5. Re:Why, when you can shame 'em too? by gl4ss · 2012-02-06 01:43 · Score: 1
  
  using their dns server without being infected intrigues me for some strange reason. possibly it wouldn't have blocked domains..
  
  --
  world was created 5 seconds before this post as it is.
6. Re:Why, when you can shame 'em too? by Anonymous Coward · 2012-02-06 02:02 · Score: 0
  
  It's pretty straight forward, very clear to the customer and in fact this business practice is already in place in the Netherlands by an internet provider. If the customer is infected and sending out spam, all s/he gets on the internet is a page telling about the infection, and a few links to some free anti-virus programs. This doesn't generate lots of load on the servers and I can assure you it's is VERY effective.
Why are government employees... by Streetlight · 2012-02-05 04:20 · Score: 1

wasting their time browsing the Web. I would think they have better things to do.

--
In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
1. Re:Why are government employees... by Anonymous Coward · 2012-02-05 04:24 · Score: 0
  
  No joke! I mean they need to focus on the true American cause at the moment of annihilating Iran and the people that live there!
IT Knows. by Anonymous Coward · 2012-02-05 04:25 · Score: 1

I came to post the same thing that everyone else already posted: Let them expire!
These people obviously need better protection and the only way they're going to know they're infected is if you let their computers just stop working.
It amazes me that everyone here gets it instinctively, but whatever 'experts' work for the government can't think their way through it.
Seriously? by sgt+scrub · 2012-02-05 04:25 · Score: 5, Insightful

any computers still infected with DNSChanger may no longer be able to browse the Web
There are over 250 IT departments that not only allow infected machines to remain on the network but allow users to continue to use them?!? The IT world has officially gone to shit. I'm going back to bed.

--
Having to work for a living is the root of all evil.
1. Re:Seriously? by Anonymous Coward · 2012-02-05 04:46 · Score: 0
  
  Is it the fault of IT, management or the users? Where I work IT has no control, management demands users have free reign of everything. IT cannot prevent users from continually reinfecting themselves, even if IT is continuously cleaning up the mess.
  I say shutdown the legit DNS servers so we can deal with this one once and for all (or at least more clearly identify the idiots).
2. Re:Seriously? by Billly+Gates · 2012-02-05 09:57 · Score: 1
  
  IT doesn't have time to check every PC for malware. They are just trying not to get fired as the CEO and bean counters look at them as wasteful cost centers that bring down the share price and offer no business value.
  Unless something breaks they wont ever know.
  
  --
  http://saveie6.com/
3. Re:Seriously? by Spad · 2012-02-05 10:03 · Score: 1
  
  Most of the places I've worked have suffered from at least one serious security hole that has gone unaddressed due to either lack of comprehension, lack of skill or lack of funding; be it as obvious as everyone running as root/local admin or more "policy based" problems such as applying crippling restrictions on web browsing but having ways around the filters for "important" people (read: management) that inevitably find their way into the hands of the rest of the staff so that you might as well just turn off the proxies.
  I'm willing to bet that most of those 250 departments either aren't even aware that any of their machines are infected or have been prevented from fixing them by higher priority issues such as rolling out iPads to all the execs so they can show off the size of their penises in meetings.
4. Re:Seriously? by sgt+scrub · 2012-02-06 01:34 · Score: 1
  
  due to either lack of comprehension, lack of skill or lack of funding
  You could have just written, "Bought managers penis enlarging iDevice instead of funding IT". Everyone would have understood.
  
  --
  Having to work for a living is the root of all evil.
5. Re:Seriously? by sgt+scrub · 2012-02-06 01:48 · Score: 1
  
  Is it the fault of IT, management or the users?
  Yes. Dig a hole...
  
  --
  Having to work for a living is the root of all evil.
6. Re:Seriously? by sgt+scrub · 2012-02-06 01:50 · Score: 1
  
  http://alienvault.com/community
  
  --
  Having to work for a living is the root of all evil.
Which can be translated to... by jcreus · 2012-02-05 04:27 · Score: 1

Half of the Fortune 500s use Windows. Joking apart, I doubt anyone uses Linux in the frontends, sadly.
MSE? by mehrotra.akash · 2012-02-05 04:39 · Score: 1

MSE is free with Windows, so is Microsoft Malware removal tool
I'm guessing govt. departments dont use pirated windows, so why not just update MSE definitions to detect this trojan?
1. Re:MSE? by maxwell+demon · 2012-02-05 04:45 · Score: 1
  
  Unless the trojan just prevents the signatures for it to be downloaded.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
2. Re:MSE? by Anonymous Coward · 2012-02-05 04:51 · Score: 0
  
  Just download the definitions directly from Microsoft from a known-good system, put them on a USB drive, and install it on the infected computer.
3. Re:MSE? by Billly+Gates · 2012-02-05 05:30 · Score: 1
  
  Not that simple. Most use symantic endpoint which will conflict with mse. Users dont have admin rights and there is nothing they can do. Mse is forbidden with more than 10 users.
  Besides the policy from the cio is to use only approved software he bought from his games of golf with slick salesmen. It costs money to hire compentent IT professionals and the bean counters hate this as the goal of the company is to raise its stock price and not keep computers clean.
  
  --
  http://saveie6.com/
4. Re:MSE? by jonwil · 2012-02-05 11:27 · Score: 1
  
  Even if MSE isn't an option, the standard "Windows Malicious Software Removal Tool" that Microsoft makes available as part of every "Patch Tuesday" should be something IT departments are running on their systems.
5. Re:MSE? by ConceptJunkie · 2012-02-05 12:15 · Score: 2
  
  That's about 3 steps too many. That's why it doesn't happen.
  
  --
  You are in a maze of twisty little passages, all alike.
Window only? by mspohr · 2012-02-05 04:48 · Score: 1

Do I have to worry about my Linux and Mac computers?
The article isn't clear (as usual) .

--
I don't read your sig. Why are you reading mine?
1. Re:Window only? by Nerdfest · 2012-02-05 05:01 · Score: 2
  
  I was poking around and found some tips for removing it from OS X machines, so I'm guessing it can affect those.
IPv5 by Anonymous Coward · 2012-02-05 04:50 · Score: 3, Funny

According to the explanation picture in TFA, the address for the contact page of fbi.gov is 987.654.321. Is that IPv5?
1. Re:IPv5 by ColdWetDog · 2012-02-05 05:34 · Score: 4, Funny
  
  According to the explanation picture in TFA, the address for the contact page of fbi.gov is 987.654.321. Is that IPv5?
  That's their phone number, you idiot. The FBI doesn't use computers yet.
  
  --
  Faster! Faster! Faster would be better!
Screw em if they are to lazy to do their job by mordjah · 2012-02-05 04:54 · Score: 1

+1 just pull the plug on the thing. Let the wannabe it managers it at these outfits RTFM and scratch their heads awhile since they dont properly monitor their network. Can we get a list of effected companies? May be in interesting day to short some stocks..

--
"A mind reader? That sounds like sci fi." "Honey, we live on a space ship"
Oh Noes! by PPH · 2012-02-05 04:58 · Score: 1

Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.
Stupid people kicked off the 'Net? What will become of us?
Sadly, since many of these systems are corporate machines, it means that their users are probably prohibited from patching them themselves. So if some PHB has failed to authorize IT to perform the fix, everyone else will suffer.

--
Have gnu, will travel.
In other news by devent · 2012-02-05 04:58 · Score: 1

Users with the system Linux, like Ubuntu, Fedora, Redhat, etc. are still save and still waiting for a virus to target them in the wild.
In other news, Pwn2Own will no more have any Linux systems in the competition, because it would be futile attempt anyway and the proprietary system companies looking bad in comparison.

--
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
1. Re:In other news by Anonymous Coward · 2012-02-05 05:30 · Score: 0
  
  There are not nearly enough people using Linux to justify the effort of making an effective tojan or removable media transmissible virus, or other network independent infection vector. Not that it is impossible to infect it over a network, I just don't want to get into that retarded debate. There is almost nothing to be done to save users from themselves, you just don't have enough of them.
  It would be like a virus in te real world that infected tall red headed people. Even in the world largest unclean camp of tall red headed people, it is unlikely to ever evolve. That doesn't make being red headed cool.
2. Re:In other news by Anonymous Coward · 2012-02-05 06:47 · Score: 0
  
  How about Android?
3. Re:In other news by Anonymous Coward · 2012-02-05 06:56 · Score: 0
  
  servers run linux and have bigger internet pipes than home boxes.
  dumbass.
4. Re:In other news by Runaway1956 · 2012-02-05 07:13 · Score: 1
  
  You poor simple douche. You did get part of your idiocy right - red heads aren't cool, they are HOT! The rest? I hear you whining, "I haven't managed to code any malware that will run reliably on Linux - aww, fuck it, there aren't enough Linux computers to infect anyway!"
  Just run along and play with your self, you douche. Here's a magnifying glass and a pair of tweezers. And, don't be messing with that redhead down the street. She'll tear your fucking head off, and shit down your windpipe, 'cause she doesn't like limp dicked douches like yourself.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
5. Re:In other news by Anonymous Coward · 2012-02-05 09:54 · Score: 0
  
  right .. linux is only used in places where you are forced to use system administrator to install it, secure it and maintain it.
6. Re:In other news by gtall · 2012-02-05 23:07 · Score: 1
  
  There, there, suffering from low male testosterone again, are we? There are pills you can get, just watch the TV like a good little social misfit.
Like playing Whack A Mole by djl4570 · 2012-02-05 04:59 · Score: 5, Interesting

Back in the mid nineties I had to deal with clueless users installing various crapletts on their systems. Screen savers, animated icons, animated cursors and games mostly downloaded from BBS's, AOL, Prodigy, Delphi etc. As soon as you cleaned up one outbreak there was another. Of course upper management was silent on the matter of installing the crapletts. Here we are fifteen years later and it's the same song. I'm sure the IT departments want to clean this up but upper management isn't providing the necessary support.
1. Re:Like playing Whack A Mole by andymadigan · 2012-02-05 09:38 · Score: 1
  
  Probably because IT thinks everything is a "crapplett". Cygwin? crapplett. Chrome? crapplett. Dia? crapplett. If it's open source, it must be insecure, nevermind that our backend is WebLogic running on Red Hat.
  
  Once someone who's trying to do actual work gets their manager involved, then IT shoots back with "well, we have to certify that it's secure and that will take X months". Management gets sick of IT constantly getting in the way and tells them to bugger off.
  
  IT thinks they can come up with a whitelist of applications and a whitelist of web sites that people need to do their jobs (doubly funny as IT has no idea what those people do). The same logic would have us still using horse driven plows, or would have them using green screen terminals.
  
  --
  The right to protest the State is more sacred than the State.
2. Re:Like playing Whack A Mole by Spad · 2012-02-05 10:13 · Score: 1
  
  Most of those issues are caused by one of two things: 1) Policies created by some moron who doesn't know anything about IT but read a white paper once so thinks they're God's Gift to compliance (my current employer blocks any website that uses a META Refesh because of some reason...security...compliance) or 2) IT staff with a God Complex. Neither are that hard to fix, but both seem endemic across the corporate and government world.
  Smart IT departments deal with this with: "Show me that you need this program to do your job and that we don't already have something in place that does the same thing to the same standard" process along with a quick check to make sure the program is "legit". If it takes you more than a week to do (in most environments), you're doing it wrong.
hi, im president of the united hackers association by Anonymous Coward · 2012-02-05 05:24 · Score: 0

want me to hack you and show you how and how to fix it?
PAY ME NOW
LOL
i see how that goes over....
Maybe not even then. by khasim · 2012-02-05 06:40 · Score: 1

In my experience, they'll just poke at the non-functioning systems until they do something that makes them work again. Or until they run out of ideas and blame the "network card" or something and replace the hardware.
If they don't know that they're infected by now, they don't have the expertise (basic knowledge) to monitor their own systems.
They will just say "yep, that happens to computers sometimes" and move on. Never understanding that there is a huge hole in their security practices.
1. Re:Maybe not even then. by St.Creed · 2012-02-05 09:43 · Score: 1
  
  I'd recommend installing a different Trojan that points to another set of DNS-servers :) If you install an advanced trojan it should be able to keep out the competition as well, likely improving user experience on the computer.
  Of course, the trade off may not be to their liking :)
  
  --
  Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Ulterior motives? by Anonymous Coward · 2012-02-05 06:43 · Score: 0

Am I the only one that meets this kind of alarmist news from a "security consulting" firm with a massive grain of salt? Their business relies upon these kinds of things, after all. I know as well as many do just how pervasive the 'social engineering' aspect to these kind of threats can be, but I think half is both an exagerrated and self-serving number.
1. Re:Ulterior motives? by fluffy99 · 2012-02-05 07:28 · Score: 1
  
  half is both an exagerrated and self-serving number.
  The way they stated it is exaggerating, but the numbers are plausible. They said they found at least 1 infected computer in half of the Fortune 500 companies, plus one in 27 out of 55 govt agencies. That's a whole whopping 277 computers. Entirely possible. They probably just looked at the logs from the DNS servers.
2. Re:Ulterior motives? by Anonymous Coward · 2012-02-05 07:51 · Score: 0
  
  The impression they create (probably not unintentionally) is that these companies are somehow plagued by a much larger-scale infection of them than a single computer. I find their claims to be a little suspect in that light - either they're lying through the kind of misdirection you're suggesting (saying its 1 computer when the implication to the usual person is that this means the company is infected), or they're just lying about the number of companies.
  Without some more indepth word on how they came to these conclusions its hard if not impossivle to say what the depth of the infection is, or the vector of infection, so I take the news with a massive grain of salt.
Re:hi, im president of the united hackers associat by Anonymous Coward · 2012-02-05 06:44 · Score: 0

Fail it's "P4y meh nao"
QoS (Quality of Sysads) by Anonymous Coward · 2012-02-05 07:08 · Score: 0

The underlying problem here is the same underlying problem we've had all along. If you're some type of antisocial freak, fluent in 1337sp33k and Klingon but not so hot with English, it's not really a shock that you are unemployed and doing your hax0ring from your mother's basement. Maybe you could fix this DNS issue for small or large companies quicker and more efficiently than the IT teams at these corporations, and maybe you're more qualified to do so. Unfortunately, due to your extremely repressive personality, nobody will ever know because you can't talk to people. Most of the real nerds that I meet seem to think they deserve unlimited power to rule the Department of IT with an iron fist, or any other way they see fit. You can save your money and do that with your home network. The office network is not your play thing, and it never will be. It can't just "not work" because you wanted to "try something" you thought would be cool. Oh, and management's job is not to make your life as convenient as possible. You can go through the proper channels just like everyone else. If you can't communicate your needs effectively, that's your problem. When everyone's computers suffer because you didn't get your way, who ends up on the cutting room floor (hint: it's not the end users and it's not the management)? This paragraph is probably lost on most of its readers because, tragically, the average geek will never be able to see past the end of his own nose.
Case in point:
I've been out of IT for a couple years (and oh, what a glorious couple of years), and the IT department where I work has someone on staff about 80 hours per week. I mentioned (bragged) to one of them that I'd bought an OCZ Agility 3, and was proud of Wind0ze for automatically turning on TRIM, turning off defrag, etc. He said he didn't really understand any of that (last sentence), but good for me. Clearly this is not someone who understands the finer points of computers, but this is someone who can keep a decent-size network running efficiently about 99-99.5% of the time. When end-users have problems, IT can explain to them. When someone needs to put a mac on the network, IT doesn't cry to IT's mother about how extended exposure to apples apparantely causes fatal heart attacks, but just does it with a smile on IT's face.
If status quo is nothing, I'd rather have someone who won't cause problems than someone who will find solutions.
1. Re:QoS (Quality of Sysads) by tqk · 2012-02-05 08:39 · Score: 1
  
  ... I'd rather have someone who won't cause problems than someone who will find solutions.
  That sounds just like the douche bag admins who're so powerless/ineffectual/ignorant that they let half of Fortune 500 companies and gov't agencies continue to run malware long after they'd been warned about it.
  Now I understand. The Ostrich defense.
  
  --
  "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
Transparent proxy by Beached · 2012-02-05 07:37 · Score: 1

Couldn't this be mitigated by redirecting all DNS packets to corporate DNS servers and logging all requests for something else?

--
---- aut viam inveniam aut faciam
so your saying by Anonymous Coward · 2012-02-05 07:49 · Score: 0

piracy has its use in employment after all
fake id's that is
Let it expire by Khyber · 2012-02-05 07:49 · Score: 1

These companies and agencies need a solid smack to their face. "NO! NO INTERNET FOR YOU! FIX YOUR SHIT!"

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
If the just turn them off... by geekprime · 2012-02-05 07:56 · Score: 2

If the just turn them off then the systems wit the problems will HAVE to be fixed, isn't that the idea?
Perhaps instead of just turning them off when the time is up, start now by redirecting every request to a webpage explaining what is wrong and
a link to a removal tool.
1. Re:If the just turn them off... by oDDmON+oUT · 2012-02-05 08:06 · Score: 1
  
  Mod paret up +1 Insightful
  
  --
  Some days it's just not worth
  chewing through my restraints.
This is a story? by Anonymous Coward · 2012-02-05 13:08 · Score: 0

Come on. Some company publishes a story that there are viruses everywhere, but miraculously, they have a solution for it!!! What great fellows. Does anyone believe what they are saying? It may very well be true (doubt it) but their self serving agenda makes what they are saying unbelievable.
Good by Anonymous Coward · 2012-02-05 15:34 · Score: 0

Very Good! :))
Why? by Shifty0x88 · 2012-02-06 12:04 · Score: 1

Why are we letting the government give a pass to big businesses that simply can't secure their computers. We should be fining them for letting the malware infect their computers in the first place, rather then allowing all the malware to stay on the computers in the first place.
We are just perpetuating the malware/virus problem by giving companies a pass. They won't learn anything, they won't be more money in security since they will think: "Oh we just have to wait for the government to step in, then we will be fine", and they will NEVER learn!
We are not helping the problem