Source: http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911

The FBI offers details on determining if you've been affected by DNSChanger in this PDF. The DNS Changer Working Group (DCWG), with cooperation from SANS handlers, will be publishing more details soon, as they have been closely monitoring this class of malware.

ISC handlers have published many diaries over the years about various DNSChanger malware, including a recent Mac version:

(Minor) evolution in Mac DNS changer malware
DNS changer Trojan for Mac (!) in the wild

ISC Handler Donald Smith, who provided the details for this diary entry, advises that:

Finally, thanks to a coordinated effort of trusted industry partners, a mitigation plan commenced today to replace rogue DNS servers with clean DNS servers to keep millions online, while providing ISPs the opportunity to coordinate user remediation efforts. Such effort means that those infected with DNSChanger, who otherwise would have had no DNS and basically no Internet ability, still get to use the Intarwebs. :-)

Stay tuned for more, and feel free to share your experiences with DNSChanger via comments.
Russ McRee 204 Posts ISC Handler Nov 9th 2011 |
Nov 9th 2011 1 decade ago |
Can someone please provide at least the destination IP addresses of the rogue DNS servers? I would like to be able to check my FW logs.
Anonymous |
Nov 10th 2011 1 decade ago |
Here is a German URL that has IPs:
http://www.heise.de/newsticker/meldung/Operation-Ghost-Click-FBI-nimmt-DNSChanger-Botnetz-hoch-1376540.html |
Jens 42 Posts |
Nov 10th 2011 1 decade ago |
Primary source:
http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf |
Jens 42 Posts |
Nov 10th 2011 1 decade ago |
Andre reminded us of OS X DNS Changers part three as well.
isc.sans.edu/… as a related story of interest. |
Russ McRee 204 Posts ISC Handler |
Nov 10th 2011 1 decade ago |
English version of the German article.
http://www.h-online.com/security/news/item/Operation-Ghost-Click-FBI-busts-DNSChanger-botnet-1376746.html |
Russ McRee 2 Posts |
Nov 10th 2011 1 decade ago |