6000 Aussie users caught in DNSChanger shutdown

Powered by SC Magazine
 

Last-minute rush.

The Australian Communications and Media Authority estimates 6000 Australian internet users could face disconnection when US authorities shut down rogue DNS servers on Monday.

Up to four million users are believed to have been infected at the height of the DNSChanger advertising scam, which redirected legitimate searches by computer users to malicious sites via rogue DNS servers located in Chicago and New York.

The FBI has had temporary control of the servers since raiding the Estonian group that allegedly made and distributed the DNSChanger malware, gaining a four-month court ordered extension for the arrangement in March.

However, a purported 250,000 machines — including those at more than ten percent of Fortune 500 companies — are expected to remain infected when the DNS servers are switched off at 2pm AEST on July 9.

Any computer still infected with DNSChanger — and thus trying to route all requests through the rogue servers — will not be able to connect to the internet.

Bruce Matthews, manager for e-security operations at the ACMA, told iTnews that most recent figures estimated 6000 machines remained infected in Australia by the malware.

The number is a drop from the 10,000 it estimated in March, as well as from the 7500 machines estimated a fortnight ago, when the ACMA started a last-ditch effort to identify the remaining infections.

The regulator has worked with ISPs to contact customers, and set up a website allowing subscribers to check if they have been infected, but is yet to completely solve the issue.

"We're hoping that there will be a rapid upsurge in action to deal with those infections before July 9," he said.

"We think there's still time for affected customers to take action — it only takes a second to check your infected."

Telstra has joined some US telcos in implementing a new, temporary redirection for its customers in order to provide more time to solve the malware issue after Monday.

Experts said they considered the DNSChanger threat to be small compared with more-prevalent viruses such as Zeus and SpyEye, which infect millions of PCs and are used to commit financial fraud.

"It's a very easy one to fix," said Gunter Ollmann, vice president of research for security company Damballa.

"There are plenty of tools available."

However, Internet Systems Consortium founder Paul Vixie — who had participated in the US raid on the data centres — warned the infection had likely hit modems and routers within homes, as well as the computers themselves.

Cases where a modem's DNS settings had changed — believed to affect up to a third of all cases — would prove more difficult to remediate, and could ultimately require ISPs to "truck-roll" new devices to their customers.

With Reuters

Copyright © iTnews.com.au . All rights reserved.


6000 Aussie users caught in DNSChanger shutdown
 
 
 
Top Stories
Photos: Global Switch opens Sydney East data centre
First stage opened, to some fanfare.
 
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  11%
TOTAL VOTES: 469

Vote