
DNSChanger Botnet taken down



#1 Andrew


Posted 10 November 2011 - 05:26 PM

The US Federal Bureau of Investigation, in cooperation with Dutch police and several companies and universities, has effected the take-down of the DNSChanger botnet. The take-down involved the seizure of servers and the indictment of several Estonians affiliated with the shady hosting company Rove Digital. An unnamed Russian suspect remains at large.

Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.

-FBI Press Release

The FBI has posted an online tool which can tell you if your computer's DNS settings have been tampered with, which can be found here. The FBI would also like anyone affected by this malware to contact them using this form.

The DNS Changer Working Group, which was formed to aid in the take-down and clean up, expects to install their own DNS servers in place of the malicious ones. These servers will allow the DCWG to alert users of infected computers that their system was compromised.

Further Reading:
http://www.theregister.co.uk/2011/11/10/botnet_take_down_clean_up/
http://countermeasures.trendmicro.eu/how-to-check-if-you-are-a-victim-of-operation-ghost-click/
http://blog.trendmicro.com/esthost-taken-down-%E2%80%93-biggest-cybercriminal-takedown-in-history/

Resources:
FBI's DNSChanger Detection Page
FBI's DNSChanger Victim Contact Form


The malicious DNS servers fall into these IP address ranges:
85.255.112.0 - 255
67.210.0.0 - 255
93.188.160.0 - 255
77.67.83.0 - 255
213.109.64.0 - 255
64.28.176.0 - 255

Edited by Andrew, 10 November 2011 - 05:51 PM.
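
A check of configured DNS resolvers against the ranges listed in the post above, as an added example (not part of the original post and not the FBI's tool). It assumes each posted range means "last octet 0 through 255" and that resolvers come from resolv.conf-style text; the sample configuration and the function names are constructed for illustration.

```python
import ipaddress

# Ranges as listed in the post, read (assumption) as last octet 0 through 255.
POSTED_RANGES = """\
85.255.112.0 - 255
67.210.0.0 - 255
93.188.160.0 - 255
77.67.83.0 - 255
213.109.64.0 - 255
64.28.176.0 - 255
"""

# Constructed sample resolver configuration, not taken from a real host.
SAMPLE_RESOLV_CONF = """\
nameserver 85.255.112.36
nameserver 192.0.2.53
nameserver 2001:db8::53
search example.test
"""

def parse_ranges(text):
    """Turn 'a.b.c.d - N' lines into (first, last) IPv4Address pairs."""
    ranges = []
    for line in filter(str.strip, text.splitlines()):
        start_s, end_s = (part.strip() for part in line.split("-", 1))
        prefix = start_s.rsplit(".", 1)[0]
        ranges.append((ipaddress.IPv4Address(start_s),
                       ipaddress.IPv4Address(f"{prefix}.{int(end_s)}")))
    return ranges

def resolvers_from_resolv_conf(text):
    """Return the address field of every 'nameserver' line."""
    fields = (line.split() for line in text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def flag_resolvers(servers, ranges):
    """Return resolvers inside any listed range (the list is IPv4-only)."""
    hits = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop zone id
        except ValueError:
            continue  # hostname or garbage: cannot match an IP range
        if addr.version == 4 and any(lo <= addr <= hi for lo, hi in ranges):
            hits.append(server)
    return hits

if __name__ == "__main__":
    print(flag_resolvers(resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF), parse_ranges(POSTED_RANGES)))
```

On systems that do not use a resolv.conf file, pass the resolver addresses shown in the network settings (and on the router) directly to `flag_resolvers`.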




#2 keyboardNinja


Posted 10 November 2011 - 07:40 PM

:clapping:
PICNIC - Problem In Chair, Not In Computer


20 Things I Learned About Browsers and the Web



