The Register® — Biting the hand that feeds IT

Feeds

Two weeks 'til the internet disappears, for 58 Fortune 500 companies

Stand by for 4 per cent of the US gov to go dark, too

By John Leyden, 29th June 2012
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Even though the DNSChanger safety net deadline expires in just two weeks, 12 per cent of Fortune 500 firms still have at least one infected machine on their network, according to a new survey.

DNSChanger screwed up the domain name system (DNS) settings of compromised machines to point surfers to rogue servers, redirecting surfers to dodgy websites as part of a long-running click-fraud and scareware distribution racket. The FBI dismantled the botnet's command-and-control infrastructure back in November, as part of Operation GhostClick.

A court order, twice extended, allowed the Feds to set up replacement DNS Servers that resolved DNS queries from infected machines. This extended safety net will lapse on 9 July. Security laggards – who have had months to act and most recently have been targeted with warning messages from Google and Facebook – will be unable to use the internet normally unless they clean up their systems after this 9 July deadline. Without access to DNS servers it won't be possible to send emails or surf the web, leaving compromised machines cut off from the interwebs.

Despite the seriousness of these looming problems, a survey by IID (Internet Identity), published on Thursday, discovered that 12 per cent of the Fortune 500 firms and 4 per cent of "major" US government organisations are still infected with DNSChanger. The malware also disables security software and updates on infected machines, further increasing the security risk by leaving compromised machines wide open to secondary attacks.

IID reports that at least 58 of all Fortune 500 companies and two out of 55 major government entities had at least one computer or router on their network that was infected with DNSChanger. By comparison, in January IID, half of all Fortune 500 companies and US federal agencies were infected with DNSChanger, so the situation has improved a long way over the last five months but is still far from satisfactory.

The statistics come from IID's security intelligence and reputation services as well as data from other security and internet infrastructure organisations.

At its peak as many four million computers were infected by DNSChanger. An estimated 300,000 machines are still infected, according to figures from the DNSChanger Working Group.

Clean-up advice, along with more information and advice, can be found on the DNSChanger Working Group website here. IID has published an infographic about DNSChanger here. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (43)
Highly Rated
Marty
Reply Icon

Re: remind you of y2k bug lol

" remind you of y2k bug lol "

you know that sort of poke does annoy me....

from 1996 right up to and after y2k we worked our ass's off getting every machine we were responsible up and ready for the y2k swcrew up. up and down the country, and worldwide, IT departments scrambled and sweated to make sue there was no y2k bug to cause trouble... and guess what? all the work paid off. planes did not fall from the sky, boats did not crash into harbours, the nuclear arsenal didn't launch itself, reactors didn't go into meltdown,

Y2K WAS a serious problem, but for all the effort, nothing major (or even minor) went wrong... and what happened? we get a load of stick from nobs who dont have a clue, because we fixed a problem,

we couldn't win.... if we didnt fix the problem, we would have got shit, we fixed it and still got shit....

33
0
pixl97

Headline maddness.

Revised headline...

"Two weeks till a few computers at 58 fortune 500 companies can't resolve domain names."

Sounds pretty lame when you say it the way it is. Hopefully the computer not being able to get online will cause someone to fix the virus infested plauge spreader, maybe clean up some other more active infections too.

17
3
Anonymous Coward
Anonymous Coward
Reply Icon

Not Just Workstations, Not Just Dummies... Sometimes, it's Back-corner Cruft

In any large company, back-corner cruft accumulates.

One day, as a tech, I was on-hand in the mainframe production area as on-site support the day we rolled out a new version of mail software. Workstations were PCs running Win2K, joined our domain; we were using MS management tools.

As I was walking around, I saw a 486 pizza-box sitting on a table. I stopped and stared at it, wondering why I was staring. I realized that (a) there was no monitor attached, and, (b) the power light was on. I looked it over and started tracing wires. There was a patch cable connected to a network walljack. The "activity" light on the NIC was flickering. There was a parallel cable heading off to somewhere, and I found the (attached) mouse and keyboard underneath the table. I followed the twenty-five-foot-plus-likely-out-of-spec parallel cable to a huge machine that had to have been brought into the data center in sections and re-assembled there.

I went back to the PC, found an unused CRT under the table, hooked it up, and turned it on. The 486 was running some flavor of Windows 98 and NPRINTER on an auto-login account. Inspection showed McAfee antivirus updates had been failing on the box for months.

I found an old-time employee and asked her what the monster-sized box did that was at the far end of the parallel cable. She told me, "Oh, that's our high-speed Xerox printer."

Me: "What do you print on it?"

Her: "Bills and paychecks."

9
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
129
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
59
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13