[LINK] itNews: '... DNSChanger shutdown'
Roger Clarke
Roger.Clarke at xamax.com.au
Mon Jul 9 09:47:24 AEST 2012
6000 Aussie users caught in DNSChanger shutdown
James Hutchinson
ITNews
Jul 6, 2012 12:21 PM (2 days ago)
http://www.itnews.com.au/News/307793,6000-aussie-users-caught-in-dnschanger-shutdown.aspx
Last-minute rush.
The Australian Communications and Media Authority estimates 6000
Australian internet users could face disconnection when US
authorities shut down rogue DNS servers on Monday.
Up to four million users are believed to have been infected at the
height of the DNSChanger advertising scam, which redirected
legitimate searches by computer users to malicious sites via rogue
DNS servers located in Chicago and New York.
The FBI has had temporary control of the servers since raiding the
Estonian group that allegedly made and distributed the DNSChanger
malware, gaining a four-month court-ordered extension for the
arrangement in March.
However, a purported 250,000 machines - including those at more than
ten percent of Fortune 500 companies - are expected to remain
infected when the DNS servers are switched off at 2pm AEST on July 9.
Any computer still infected with DNSChanger - and thus trying to
route all requests through the rogue servers - will not be able to
connect to the internet.
Bruce Matthews, manager for e-security operations at the ACMA, told
iTnews that most recent figures estimated 6000 machines remained
infected in Australia by the malware.
The number is a drop from the 10,000 it estimated in March, as well
as from the 7500 machines estimated a fortnight ago, when the ACMA
started a last-ditch effort to identify the remaining infections.
The regulator has worked with ISPs to contact customers, and set up a
website allowing subscribers to check if they have been infected, but
is yet to completely solve the issue.
"We're hoping that there will be a rapid upsurge in action to deal
with those infections before July 9," he said.
"We think there's still time for affected customers to take action -
it only takes a second to check you're infected."
Telstra has joined some US telcos in implementing a new, temporary
redirection for its customers in order to provide more time to solve
the malware issue after Monday.
Experts said they considered the DNSChanger threat to be small
compared with more-prevalent viruses such as Zeus and SpyEye, which
infect millions of PCs and are used to commit financial fraud.
"It's a very easy one to fix," said Gunter Ollmann, vice president of
research for security company Damballa.
"There are plenty of tools available."
However, Internet Systems Consortium founder Paul Vixie - who had
participated in the US raid on the data centres - warned the
infection had likely hit modems and routers within homes, as well as
the computers themselves.
Cases where a modem's DNS settings had changed - believed to affect
up to a third of all cases - would prove more difficult to remediate,
and could ultimately require ISPs to "truck-roll" new devices to
their customers.
With Reuters
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of NSW
Visiting Professor in Computer Science Australian National University