Feeds

Feds apply for DNSChanger safety net extension

Apply for extension before millions of infected PCs are disconnected

Next gen security for virtualised datacentres

Federal authorities have applied for permission to extend the operation of a safety net that allows machines infected by the DNSChanger Trojan to surf the net as normal beyond a 8 March deadline.

DNSChanger changed an infected system's domain name system (DNS) settings to point towards rogue servers that hijacked web searches and pointed surfers towards various sleazy websites, as part of a long running click-fraud and scareware punting scam. The FBI stepped in and dismantled the botnet's command-and-control infrastructure back in November, as part of Operation GhostClick. As many as 4 million machines were infected as the peak of the botnet's activity.

Rogue DNS servers were replaced by legitimate machines at the time of the takedown operation but nothing was done to disinfect infected PCs, a particular concern since the DNSChanger malware is designed to disable security software, leaving infected machines at heightened risk of infection.

Barring court permission, legitimate servers that were set up to replace rogue DNS servers will be taken offline on 8 March, 120 days after the initial takedown operation. The feds have applied (PDF) to extend this safety net until 9 July.

A study by security firm Internet Identity revealed that at least 250 of all Fortune 500 companies and 27 out of 55 major government entities had at least one computer or router that was infected with DNSChanger in early 2012, findings that suggest the post-Ghost Click clean-up operation is running behind schedule. Barring an extension in the operation of the surrogate DNS servers these infected machine rely upon, surfers will be unable to browse the web or send emails as normal after 8 March, unless the DNS settings of compromised computer are restored to their original state.

More information on how to clean up infected machines, and other resources, can be found on the DNS Changer Working Group website here.

Operation Ghost Click led to the arrest of six Estonian nationals, accused of manipulating millions of infected computers using DNSChanger. The alleged ringleader of the group, Vladimir Tsastsin, and another suspect have been already cleared for extradition to the US. Baltic Business News reports that local courts approved the extradition of the four remaining suspects last week. These extraditions remain subject to government approval but this is all but assured, the local news site reports.

Tsastsin previously ran controversial domain registration firm EstDomains, whose accreditation was pulled by ICANN back in 2008 over concerns that EstDomains had become a haven for cybercriminals.

KrebsOnSecurity has a copy of the indictment against Tsastsin and other suspects in the GhostClick case here (PDF). ®

The essential guide to IT transformation

More from The Register

next story
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
China hopes home-grown OS will oust Microsoft
Doesn't much like Apple or Google, either
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Fast And Furious 6 cammer thrown in slammer for nearly three years
Man jailed for dodgy cinema recording of Hollywood movie
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?