Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43438
  • Total Topics: 16532
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2946
Total: 2949









Author Topic: An Update on DNSChanger and Rogue DNS Servers  (Read 3489 times)

0 Members and 1 Guest are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 776
  • KARMA: 117
  • Gender: Male
  • Pez
An Update on DNSChanger and Rogue DNS Servers
« on: 08. March 2012., 13:16:34 »
In late 2011, the FBI released documents and data focusing on “Operation Ghost Click.” This malicious operation, leveraging a variety of DNSChanger-type malware, was defined by the FBI as an “international cyber ring that infected millions of computers.”

Associated malware samples and events can be traced back several years, and multiple platforms were targeted. To this day many remain affected or infected and are still open to compromise.

The amount of helpful data around this issue is plentiful. Even the FBI has provided a tool to check whether your host/IP is affected.

https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

So, fast-forward to the present: Within McAfee Labs we have been flooded with queries (forgive the DNS pun) on what will happen on March 8, and what other impacts might ripple through our environments as the FBI takes the next steps toward concluding Operation Ghost Click.

The Good News!

On March 5, a U.S. District Court in New York signed an order to extend the March 8 deadline to July 9.

This extension will allow all affected entities to continue to track down and remediate against hosts that are still compromised. Current data indicates that there are still several million infected or affected hosts worldwide.

Also, as a handy reminder, the offensive Netblocks are well documented:

•67.210.0.0 through 67.210.15.255
•93.188.160.0 through 93.188.167.255
•77.67.83.0 through 77.67.83.255
•213.109.64.0 through 213.109.79.255
•64.28.176.0 through 64.28.191.255
To learn more about how to maintain your online connection and to protect against this malware family, read our new Threat Advisory:

https://kc.mcafee.com/corporate/index?page=content&id=PD23652

For McAfee Customers: Detection for associated malware is provided under the DNSChanger Trojan family.

For example: http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=141841

Other Resources:

•McAfee Labs Security Advisory MTIS11-219
•McAfee Labs Threat Advisory on DNSChanger
•McAfee Labs DNSChanger Description Search
•The FBI’s DNSChanger Malware
 •United States District Court Southern District of New York Post-Indictment Protective Order extending the March 8 date.

Orginal article: Tuesday, March 6, 2012 at 10:48am by Jim Walter
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info

An Update on DNSChanger and Rogue DNS Servers
« on: 08. March 2012., 13:16:34 »

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: An Update on DNSChanger and Rogue DNS Servers
« Reply #1 on: 08. March 2012., 15:41:11 »

Related topics:

- "FBI's "Operation Ghost Click" takedown biggest ever cyber-scam botnet": http://scforum.info/index.php/topic,7195.0.html

- "Remove "DNSChanger" Trojan, Check is your PC infected ?!": http://scforum.info/index.php/topic,7472.0.html



Samker's Computer Forum - SCforum.info

Re: An Update on DNSChanger and Rogue DNS Servers
« Reply #1 on: 08. March 2012., 15:41:11 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023