Slashdot Mirror

← Back to Stories (view on slashdot.org)

Half of Fortune 500s, US Agencies Still Infected With DNSChanger Trojan

Posted by samzenpus on from the still-here dept.

tsu doh nimh writes "Two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies. Internet Identity, a Tacoma, Wash. company that sells security services, found evidence of at least one DNSChanger infection in computers at half of all Fortune 500 firms, and 27 out of 55 major government entities. Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan's DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web. The FBI is currently debating whether to extend the deadline or let it expire."

4 of 112 comments (clear)

  1. Cause is obvious by SlithyMagister · · Score: 5, Funny

    Half of all Fortune 500 Companies run Symantec Endpoint Protection as the AV "solution"

  2. Why, when you can shame 'em too? by Zocalo · · Score: 5, Insightful

    Just re-configure the surrogate DNS servers to return the same reply to every query and point all traffic towards an FBI server hosting a web page that explains what's happened and why they are seeing the web page they are. May as well make mention of the fact that the DoJ has apparently been sending out email notifications followed up with snail mail version of these infections to the designated WHOIS abuse/tech contacts for IP ranges showing infected hosts, just in case they hadn't already figured it out for themselves. I don't think it'll take too long before someone in senior management figures out what that implies and goes for a walk over to the IT department with a clue-by-four.

    --
    UNIX? They're not even circumcised! Savages!
  3. Seriously? by sgt+scrub · · Score: 5, Insightful

    any computers still infected with DNSChanger may no longer be able to browse the Web

    There are over 250 IT departments that not only allow infected machines to remain on the network but allow users to continue to use them?!? The IT world has officially gone to shit. I'm going back to bed.

    --
    Having to work for a living is the root of all evil.
  4. Like playing Whack A Mole by djl4570 · · Score: 5, Interesting

    Back in the mid nineties I had to deal with clueless users installing various crapletts on their systems. Screen savers, animated icons, animated cursors and games mostly downloaded from BBS's, AOL, Prodigy, Delphi etc. As soon as you cleaned up one outbreak there was another. Of course upper management was silent on the matter of installing the crapletts. Here we are fifteen years later and it's the same song. I'm sure the IT departments want to clean this up but upper management isn't providing the necessary support.