nanog mailing list archives
RE: Operation Ghost Click
From: "Frank Bulk" <frnkblk () iname com>
Date: Thu, 26 Apr 2012 19:38:54 -0500
The good folks at Shadowserver has been giving us a feed of IPs that are hitting those DNS server since November and last month we got the last of the customers cleaned up. Not all ISPs are non-proactive. Frank -----Original Message----- From: Paul Graydon [mailto:paul () paulgraydon co uk] Sent: Thursday, April 26, 2012 4:48 PM To: nanog () nanog org Subject: Re: Operation Ghost Click On 04/26/2012 11:44 AM, Andrew Latham wrote:
On Thu, Apr 26, 2012 at 5:38 PM, Jeroen van Aart<jeroen () mompl net> wrote:Excuse the horrible subject :-) Anyone have anything insightful to say about it? Is it just lots of fuss about nothing or is it an actual substantial problem? http://www.fbi.gov/news/stories/2011/november/malware_110911 "Update on March 12, 2012: To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time." -- Earthquake Magnitude: 5.5 Date: Thursday, April 26, 2012 19:21:45 UTC Location: off the west coast of northern Sumatra Latitude: 2.6946; Longitude: 94.5307 Depth: 26.00 kmYes its a major problem for the users unknowingly infected. To them it will look like their Internet connection is down. Expect ISPs to field lots of support calls.
Based on conversations on this list a month or so ago, ISPs were contacted with details of which of their IPs had compromised boxes behind them, but it seems the consensus is that ISP were going to just wait for users to phone support when it broke rather than be proactive about it. Paul
Current thread:
- Operation Ghost Click Jeroen van Aart (Apr 26)
- Re: Operation Ghost Click Andrew Latham (Apr 26)
- Re: Operation Ghost Click Leigh Porter (Apr 26)
- Re: Operation Ghost Click Andrew Fried (Apr 26)
- Re: Operation Ghost Click Kyle Creyts (Apr 26)
- Re: Operation Ghost Click Andrew Latham (Apr 26)
- Re: Operation Ghost Click Kyle Creyts (Apr 26)
- Re: Operation Ghost Click Sam Tetherow (Apr 27)
- Re: Operation Ghost Click Leigh Porter (Apr 26)
- Re: Operation Ghost Click Andrew Latham (Apr 26)
- Re: Operation Ghost Click Paul Graydon (Apr 26)
- RE: Operation Ghost Click Frank Bulk (Apr 26)
- Re: Operation Ghost Click Jeff Kell (Apr 26)
- RE: Operation Ghost Click O'Reirdan, Michael (Apr 27)
- Re: Operation Ghost Click Jeroen van Aart (Apr 27)
- Re: Operation Ghost Click Ameen Pishdadi (Apr 27)
- Re: Operation Ghost Click ryanL (Apr 27)
- Re: Operation Ghost Click Ameen Pishdadi (Apr 27)
- Re: Operation Ghost Click Valdis . Kletnieks (Apr 27)
- Message not available
- Message not available
- Re: Operation Ghost Click A. Pishdadi (Apr 27)
- Message not available
- Message not available
- Re: Operation Ghost Click A. Pishdadi (Apr 27)
- Re: Operation Ghost Click Florian Weimer (Apr 28)