DNSChanger Malware

UPDATE: On March 5, 2012, a federal judge agreed to allow more time for organizations and individuals to clean systems of the DNSChanger malware and extended the deadline for shutting off servers that had been keeping infected computers connected to the internet.

Although the new deadline is July 9, 2012, US-CERT strongly recommends that organizations and individuals who have not verified that their systems are free of the DNSChanger malware do so as soon as possible. Please refer to the previous entry below for background information and resources on detection and removal of the malware.

-----------------------------

In November 2011, U.S. Federal prosecutors announced Operation Ghost Click, an investigation that resulted in the arrests of a ring of seven people who allegedly infected millions of computers with DNSChanger malware.

The malware may prevent users' anti-virus software from functioning properly and hijack the domain name system (DNS) on infected systems. Systems affected by DNS hijacking may send Internet requests to a rogue DNS server rather than a legitimate one.

To prevent millions of Internet users infected with the DNSChanger malware from losing Internet connectivity when the members of the ring where arrested, the FBI replaced rogue DNS servers with clean servers.

However, the court order allowing the FBI to provide the clean servers is set to expire on March 8, 2012. Computers that are infected with the DNSChanger malware may lose Internet connectivity when these FBI servers are taken offline.

US-CERT encourages users and administrators to utilize the FBI's rogue DNS detection tool to ensure their systems are not infected with the DNSChanger malware. Computers testing positive for infection of the DNSChanger malware will need to be cleaned of the malware to ensure continued Internet connectivity.

Users and administrators are encouraged to implement the following preventative measures to protect themselves from malware campaigns:

Maintain up-to-date antivirus software.
Do not follow unsolicited web links in email messages.
Configure your web browser as described in the Securing Your Web Browser document.
Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
Implement best security practices as described in the Ten Ways to Improve the Security of a New Computer (pdf) document.

This product is provided subject to this Notification and this Privacy & Use policy.

DNSChanger Malware

Please share your thoughts

Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Two Industrial Control Systems Advisories

DNSChanger Malware

Please share your thoughts

Related Advisories

Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Two Industrial Control Systems Advisories