CERT mailing list archives

Current Activity - DNSChanger Malware

From: Current Activity <us-cert () us-cert gov>
Date: Tue, 24 Apr 2012 14:35:26 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

DNSChanger Malware

Original release date: Tuesday, April 24, 2012 at 2:20 pm
Last revised: Tuesday, April 24, 2012 at 2:20 pm


US-CERT encourages users and administrators to ensure their systems are
not infected with the DNSChanger malware by utilizing tools and
resources available at the DNS Changer Working Group (DCWG) website.
Computers testing positive for infection of DNSChanger malware will need
to be cleaned of the malware in order to maintain continued internet
connectivity beyond July 9, 2012.

On November 8, 2011, the FBI, NASA-OIG, and Estonian police arrested
several cyber criminals in "Operation Ghost Click." The criminals
operated under the company name "Rove Digital," and distributed DNS
changing viruses, variously known as TDSS, Alureon, TidServ, and TDL4
viruses.

Additional information about Operation Ghost Click and the DNSChanger
malware is available at the FBI website.

Relevant Url(s):
<http://www.dcwg.org/>

<http://www.fbi.gov/news/stories/2011/november/malware_110911>


____________________________________________________________________

   Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to the Notification as indicated here:
http://www.us-cert.gov/legal.html#notify

This document can also be found at
http://www.us-cert.gov/current/#dnschanger_malware

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBT5byZD/GkGVXE7GMAQI7/Af/TYNZRXHzL7NnmKXHS11MKNLqXeAsGsXG
JpDmQN1tAC6wABTQaw6QLju1xUWVcY04HnrEifVQqwzvcmsPoDEDd25vu5NBGAhc
OYk5vie2ieB0brO8kEMxGHg22UEkJ934+tRZ10b6Y99CrWr1VGjJWKqWJEZDBaDH
cwbpz/avGa+v7otohqSCRFCoKs39BN6PAS+Fe9qoc4vAkvAdNgajGtGKsgL5MIq1
j5Io68eH7UmpjzYlqaQjhc0H02mexUB0QADnXWVghMQrTln/2JXc1Dqeh+GWxhy/
uAWqsheO4WLGNtkNJuuHeUxmMVn7HPuoEHDS3nJ9ekxD6KdlbYN6dg==
=K6Hr
-----END PGP SIGNATURE-----

Current thread:

Current Activity - DNSChanger Malware Current Activity (Feb 23)
- <Possible follow-ups>
- Current Activity - DNSChanger Malware Current Activity (Mar 07)
- Current Activity - DNSChanger Malware Current Activity (Apr 24)