CERT mailing list archives
Current Activity - DNSChanger Malware
From: Current Activity <us-cert () us-cert gov>
Date: Thu, 23 Feb 2012 09:46:48 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity DNSChanger Malware Original release date: February 23, 2012 at 9:27 am Last revised: February 23, 2012 at 9:27 am In November 2011, U.S. Federal prosecutors announced Operation Ghost Click, an investigation that resulted in the arrests of a ring of seven people who allegedly infected millions of computers and DNSChanger malware. The malware may prevent users' anti-virus software from functioning properly and hijack the domain name system (DNS) on infected systems. Systems affected by DNS hijacking may send internet requests to a rogue DNS server rather than a legitimate one. To prevent millions of Internet users infected with the DNSChanger malware from losing Internet connectivity when the members of the ring where arrested, the FBI replaced rogue DNS servers with clean servers. However, the court order allowing the FBI to provide the clean servers is set to expire on March 8, 2012. Computers that are infected with the DNSChanger malware may lose Internet connectivity when these FBI servers are taken offline. US-CERT encourages users and administrators to utilize the FBI's rogue DNS detection tool to ensure their systems are not infected with the DNSChange malware. Computers testing positive for infection of the DNSChanger malware will need to be cleaned of the malware to ensure continued Internet connectivity. Users and administrators are encouraged to implement the following preventative measures to protect themselves from malware campaigns: * Maintain up-to-date antivirus software. * Do not follow unsolicited web links in email messages. * Configure your web browser as described in the Securing Your Web Browser document. * Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments. * Implement best security practices as described in the Ten Ways to Improve the Security of a New Computer (pdf) document. Relevant Url(s): <http://www.us-cert.gov/reading_room/TenWaystoImproveNewComputerSecurity.pdf> <https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS> <http://www.us-cert.gov/reading_room/securing_browser/> <http://www.us-cert.gov/cas/tips/ST04-010.html> ==== This entry is available at http://www.us-cert.gov/current/index.html#operation_ghost_click_malware -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBT0ZRTj/GkGVXE7GMAQKslwf/ch6J9yJfEFWr0Jq8BueNHYRY53uuia57 w2wbKMDAXQxBfY9vh0kkvSg9biN3iauzff221xQXjard3cHbqlGDkdLeeiPet1RH sXETsoMZ4DJge9YtsmL7bopWNG5ytiw7Xon0L7d2QXWv3td/Sjrwl2O8ILer4+aC BkyUE6TvLtYkExFGtq8HW0HOe8kFFGyC/BowfEJIMgQeusmkF3YPcT93r6sJhPzP U8LX6zQ2aP6olQf19TOrSFmCfXzrQn9L29ML8WraMdnmyh+b6uWofgSf2Gk9A55a XdDR5IlrP//BRD7PM2RwA0F0PGxfdwuBrEmsGSX8i7VZaABQCMoPDQ== =L6i2 -----END PGP SIGNATURE-----
Current thread:
- Current Activity - DNSChanger Malware Current Activity (Feb 23)
- <Possible follow-ups>
- Current Activity - DNSChanger Malware Current Activity (Mar 07)
- Current Activity - DNSChanger Malware Current Activity (Apr 24)