US Govt seeks temporary DNS extension

Remnants of Operation Ghost Click prove hard to purge.

The US Government has requested a three-month extension for the operation of temporary DNS servers to give computer users more time to identify and purge the DNSChanger trojan from their systems.

Security blogger Brian Krebs published a court filing [pdf] that sought an extension of the servers' operation in two United States data centres until July 9 this year.

DNSChanger malware infected approximately four million computers in 100 countries, according to FBI statistics. About 500,000 of those infections are in the United States alone.

The infected computers and routers belong to individuals, businesses and government agencies.

The FBI is seeking the extradition of six Estonian nationals in relation to the malware distribution. The arrests were made in November 2011 under a two-year investigation codenamed 'Operation Ghost Click'.

DNSChanger was allegedly used by the men to "manipulate the multi-billion-dollar Internet advertising industry" to the tune of $US14 million, according to the FBI statement.

The malware redirected users' legitimate searches and URLs to malicious sites via rogue DNS servers. It also disabled anti-virus and software updates.

Under a federal court order, the rogue DNS servers were replaced with legitimate servers that were initially meant to operate until March 8.

This was to give ISPs and users time to identify and rid themselves of infections. Had the control servers been switched off straight away, users' internet access would likely have been disrupted.

The US Government is now seeking an extension of the initial court order, which would see the replacement DNS servers continue operating until July 9, according to Krebs' report.

One reason for the request could be the apparently slow progress in removing DNSChanger infections.

It came less than a fortnight after a study by Internet Identity (IID) found high levels of DNSChanger infection among Fortune 500 firms, despite the looming deadline.

IID said it had found "at least 250 of all Fortune 500 companies and 27 out of 55 major government entities had at least one computer or router that was infected with DNSChanger in early 2012."

The firm warned that the rate of infection could spell disaster for users if the temporary DNS servers were switched off as planned.

"Barring further court actions, on March 8, 2012 when ... the legitimate servers are taken down, millions of people may not be able to reach their intended Internet destinations," IID said.

"Because infected computers and routers will have no servers directing their DNS requests, the Internet may literally go dark for people using those computers or routers."

Krebs reported that the court was yet to rule on the extension request.

Information on the DNSChanger clean-up process can be found here.

Copyright © SC Magazine, Australia
