Two weeks 'til the internet disappears, for 58 Fortune 500 companies

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2012/06/29/dnschanger_rife_as_deadline_looms/

By John Leyden
The Register
29th June 2012

Even though the DNSChanger safety net deadline expires in just two 
weeks, 12 per cent of Fortune 500 firms still have at least one infected 
machine on their network, according to a new survey.

DNSChanger screwed up the domain name system (DNS) settings of 
compromised machines to point surfers to rogue servers, redirecting 
surfers to dodgy websites as part of a long-running click-fraud and 
scareware distribution racket. The FBI dismantled the botnet's 
command-and-control infrastructure back in November, as part of 
Operation GhostClick.

A court order, twice extended, allowed the Feds to set up replacement 
DNS Servers that resolved DNS queries from infected machines. This 
extended safety net will lapse on 9 July. Security laggards – who have 
had months to act and most recently have been targeted with warning 
messages from Google and Facebook – will be unable to use the internet 
normally unless they clean up their systems after this 9 July deadline. 
Without access to DNS servers it won't be possible to send emails or 
surf the web, leaving compromised machines cut off from the interwebs.

Despite the seriousness of these looming problems, a survey by IID 
(Internet Identity), published on Thursday, discovered that 12 per cent 
of the Fortune 500 firms and 4 per cent of "major" US government 
organisations are still infected with DNSChanger. The malware also 
disables security software and updates on infected machines, further 
increasing the security risk by leaving compromised machines wide open 
to secondary attacks.

[...]

--
Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online.
Come to a free class and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill