US Govt seeks temporary DNS extension

Powered by SC Magazine
 

Remnants of Operation Ghost Click prove hard to purge.

The US Government has requested a three-month extension for the operation of temporary DNS servers to give computer users more time to identify and purge the DNSChanger trojan from their systems.

Security blogger Brian Krebs published a court filing [pdf] seeking an extension for the operation of the servers in two United States data centres until July 9 this year.

DNSChanger malware infected approximately four million computers in 100 countries, according to FBI statistics. About 500,000 of those infections are in the United States alone.

The infected computers and routers belong to individuals, businesses and government agencies.

The FBI is seeking the extradition of six Estonian nationals in relation to the malware distribution. The arrests were made in November 2011 under a two-year investigation codenamed 'Operation Ghost Click'.

DNSChanger was allegedly used by the men to "manipulate the multi-billion-dollar Internet advertising industry" to the tune of $US14 million, according to the FBI statement.

The malware redirected users' legitimate searches and URLs to malicious sites via rogue DNS servers. It also disabled anti-virus and software updates.

Under a federal court order, the rogue DNS servers were replaced with legitimate servers that were initially meant to operate until March 8.

This was to give ISPs and users time to identify and rid themselves of infections. Had the control servers been switched off straight away, users' internet access would likely have been disrupted.

The US Government is now seeking an extension of the initial court order, which would see the replacement DNS servers continue operating until July 9, according to Krebs' report.

One reason for the request could be the apparently slow progress in removing DNSChanger infections.

The request came less than a fortnight after a study by Internet Identity (IID) found high levels of DNSChanger infection among Fortune 500 firms, despite the looming deadline.

IID said it had found "at least 250 of all Fortune 500 companies and 27 out of 55 major government entities had at least one computer or router that was infected with DNSChanger in early 2012."

The firm warned that the rate of infection could spell disaster for users if the temporary DNS servers were switched off as planned.

"Barring further court actions, on March 8, 2012 when ... the legitimate servers are taken down, millions of people may not be able to reach their intended Internet destinations," IID said.

"Because infected computers and routers will have no servers directing their DNS requests, the Internet may literally go dark for people using those computers or routers."

Krebs reported that the court was yet to rule on the extension request.

Information on the DNSChanger clean-up process can be found here.

Copyright © SC Magazine, Australia

