Two weeks 'til the internet disappears, for 58 Fortune 500 companies
Stand by for 4 per cent of the US gov to go dark, too
Even though the DNSChanger safety net deadline expires in just two weeks, 12 per cent of Fortune 500 firms still have at least one infected machine on their network, according to a new survey.
DNSChanger screwed up the domain name system (DNS) settings of compromised machines to point surfers to rogue servers, redirecting surfers to dodgy websites as part of a long-running click-fraud and scareware distribution racket. The FBI dismantled the botnet's command-and-control infrastructure back in November, as part of Operation GhostClick.
A court order, twice extended, allowed the Feds to set up replacement DNS Servers that resolved DNS queries from infected machines. This extended safety net will lapse on 9 July. Security laggards – who have had months to act and most recently have been targeted with warning messages from Google and Facebook – will be unable to use the internet normally unless they clean up their systems after this 9 July deadline. Without access to DNS servers it won't be possible to send emails or surf the web, leaving compromised machines cut off from the interwebs.
Despite the seriousness of these looming problems, a survey by IID (Internet Identity), published on Thursday, discovered that 12 per cent of the Fortune 500 firms and 4 per cent of "major" US government organisations are still infected with DNSChanger. The malware also disables security software and updates on infected machines, further increasing the security risk by leaving compromised machines wide open to secondary attacks.
IID reports that at least 58 of all Fortune 500 companies and two out of 55 major government entities had at least one computer or router on their network that was infected with DNSChanger. By comparison, in January IID, half of all Fortune 500 companies and US federal agencies were infected with DNSChanger, so the situation has improved a long way over the last five months but is still far from satisfactory.
The statistics come from IID's security intelligence and reputation services as well as data from other security and internet infrastructure organisations.
At its peak as many four million computers were infected by DNSChanger. An estimated 300,000 machines are still infected, according to figures from the DNSChanger Working Group.
Re: remind you of y2k bug lol
" remind you of y2k bug lol "
you know that sort of poke does annoy me....
from 1996 right up to and after y2k we worked our ass's off getting every machine we were responsible up and ready for the y2k swcrew up. up and down the country, and worldwide, IT departments scrambled and sweated to make sue there was no y2k bug to cause trouble... and guess what? all the work paid off. planes did not fall from the sky, boats did not crash into harbours, the nuclear arsenal didn't launch itself, reactors didn't go into meltdown,
Y2K WAS a serious problem, but for all the effort, nothing major (or even minor) went wrong... and what happened? we get a load of stick from nobs who dont have a clue, because we fixed a problem,
we couldn't win.... if we didnt fix the problem, we would have got shit, we fixed it and still got shit....
"Two weeks till a few computers at 58 fortune 500 companies can't resolve domain names."
Sounds pretty lame when you say it the way it is. Hopefully the computer not being able to get online will cause someone to fix the virus infested plauge spreader, maybe clean up some other more active infections too.
Not Just Workstations, Not Just Dummies... Sometimes, it's Back-corner Cruft
In any large company, back-corner cruft accumulates.
One day, as a tech, I was on-hand in the mainframe production area as on-site support the day we rolled out a new version of mail software. Workstations were PCs running Win2K, joined our domain; we were using MS management tools.
As I was walking around, I saw a 486 pizza-box sitting on a table. I stopped and stared at it, wondering why I was staring. I realized that (a) there was no monitor attached, and, (b) the power light was on. I looked it over and started tracing wires. There was a patch cable connected to a network walljack. The "activity" light on the NIC was flickering. There was a parallel cable heading off to somewhere, and I found the (attached) mouse and keyboard underneath the table. I followed the twenty-five-foot-plus-likely-out-of-spec parallel cable to a huge machine that had to have been brought into the data center in sections and re-assembled there.
I went back to the PC, found an unused CRT under the table, hooked it up, and turned it on. The 486 was running some flavor of Windows 98 and NPRINTER on an auto-login account. Inspection showed McAfee antivirus updates had been failing on the box for months.
I found an old-time employee and asked her what the monster-sized box did that was at the far end of the parallel cable. She told me, "Oh, that's our high-speed Xerox printer."
Me: "What do you print on it?"
Her: "Bills and paychecks."