6000 Aussie users caught in DNSChanger shutdown

Powered by SC Magazine
 

Last-minute rush.

The Australian Communications and Media Authority estimates 6000 Australian internet users could face disconnection when US authorities shut down rogue DNS servers on Monday.

Up to four million users are believed to have been infected at the height of the DNSChanger advertising scam, which redirected legitimate searches by computer users to malicious sites via rogue DNS servers located in Chicago and New York.

The FBI has had temporary control of the servers since raiding the Estonian group that allegedly made and distributed the DNSChanger malware, gaining a four-month court ordered extension for the arrangement in March.

However, a purported 250,000 machines — including those at more than ten percent of Fortune 500 companies — are expected to remain infected when the DNS servers are switched off at 2pm AEST on July 9.

Any computer still infected with DNSChanger — and thus trying to route all requests through the rogue servers — will not be able to connect to the internet.

Bruce Matthews, manager for e-security operations at the ACMA, told iTnews that most recent figures estimated 6000 machines remained infected in Australia by the malware.

The number is a drop from the 10,000 it estimated in March, as well as from the 7500 machines estimated a fortnight ago, when the ACMA started a last-ditch effort to identify the remaining infections.

The regulator has worked with ISPs to contact customers, and set up a website allowing subscribers to check if they have been infected, but is yet to completely solve the issue.

"We're hoping that there will be a rapid upsurge in action to deal with those infections before July 9," he said.

"We think there's still time for affected customers to take action — it only takes a second to check your infected."

Telstra has joined some US telcos in implementing a new, temporary redirection for its customers in order to provide more time to solve the malware issue after Monday.

Experts said they considered the DNSChanger threat to be small compared with more-prevalent viruses such as Zeus and SpyEye, which infect millions of PCs and are used to commit financial fraud.

"It's a very easy one to fix," said Gunter Ollmann, vice president of research for security company Damballa.

"There are plenty of tools available."

However, Internet Systems Consortium founder Paul Vixie — who had participated in the US raid on the data centres — warned the infection had likely hit modems and routers within homes, as well as the computers themselves.

Cases where a modem's DNS settings had changed — believed to affect up to a third of all cases — would prove more difficult to remediate, and could ultimately require ISPs to "truck-roll" new devices to their customers.

With Reuters

Copyright © iTnews.com.au . All rights reserved.


6000 Aussie users caught in DNSChanger shutdown
 
 
 
Top Stories
Windows 10 lands in Australia
Campaign to get business to upgrade kicks off.
 
NSW to build its own myGov
Service NSW digital profiles available by September.
 
Android bug leaves a billion phones open to attack
Hackers only need phone number to target devices.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Windows 10 is here! (For some)
Jul 29, 2015
Delivery of the free upgrade versions of Windows 10 began today - have you got yours yet?
Microsoft reveals Microsoft Send, a new enterprise chat app to rival Slack
Jul 27, 2015
Microsoft Send is MSN Messenger for grownups, and you could be using it at work very soon
Developers offered $500,000 grants to find HoloLens uses
Jul 8, 2015
Can augmented-reality end up in business?
Microsoft Tossup: The planning app for unorganised groups of friends
Jul 8, 2015
App allows friends to research venues, vote on plans and chat. And depending on how you run your ...
Windows 10 drops 29 July... but only for some
Jul 6, 2015
If you've reserved your copy of Windows 10 and are keenly awaiting its 29 July release, don't ...
Latest Comments
Polls
Should law enforcement be able to buy and use exploits?



   |   View results
Yes
  14%
 
No
  50%
 
Only in special circumstances
  17%
 
Yes, but with more transparency
  18%
TOTAL VOTES: 744

Vote