Comments on: Feds Request DNSChanger Deadline Extension

By: DaveMich

DaveMich — Fri, 02 Mar 2012 23:26:55 +0000

It can be difficult for IT departments to track down rogue DNS traffic through within their network. Taking the DNS servers offline would be the best thing to do – the infected NATd computers would no longer function and IT departments could easily track them down based on service calls.

By: Jay

Jay — Fri, 02 Mar 2012 13:48:14 +0000

I also would be shy of any click here to fix, however a redirect to an official looking FBI page (especially if the url is fbi.gov) explaining the situation and suggesting you do research on another machine would probably do the job without training users to blindly click.

Jay

By: CW

CW — Tue, 28 Feb 2012 17:31:10 +0000

Brian,

Do you know if there has been any thought to include DNSChanger detection in the monthly Microsoft Malicious Software Removal Tool? I’ve read security reports in the past, claiming that this tool has removed millions of various infections over the years. Not sure if the DNSChanger malware is too embedded/complex to include in the monthly MS patch, but it’s at least worth a little pondering.

http://support.microsoft.com/kb/890830

By: Rob

Rob — Mon, 27 Feb 2012 16:35:05 +0000

Sorry, that wasn’t all in reply to Mark.

By: Rob

Rob — Mon, 27 Feb 2012 16:34:24 +0000

Several of the early malware variants “fail back” to using the real DNS settings if the hacker DNS isn’t available.

The version that hacked routers only seemed to change one of the DNS servers, the other was still the ISPs DNS server. I don’t know if that was specific to the router brand.

The version that established a rogue DHCP server caused immediate outages to side-impacted boxes in a typical (no DNS outbound) IT environment.

Most of you are idiots.

I wonder who will get these IP addresses next? Whoever gets them will be sucking down a bit of unwanted traffic, and they will have a chance to create some mischief of their own.

>>Also why on Earth did this need to be handed to a private
>>company?!?!?!?!?!?

Did you look at the list of companies and groups participating? Some are recognizable security researchers who have done this type of thing on their own before, with no LEA involvement.

The DNS servers are being run by the ISC. I’m sure you’re familiar with them.

By: thegreyfoxx

thegreyfoxx — Sun, 26 Feb 2012 22:19:41 +0000

… or trust the government agency whose IT systems manager can’t clean up their systems in the 9 months already allowed.
I say, “shut ‘em down March 8″.
That will prompt the mess clean up pronto…!!
Affected Agencies should, uhhhm, “re-assign” their IT managers to the parking lot janitorial squad detail.

By: nikol

nikol — Sun, 26 Feb 2012 00:59:22 +0000

Checking Home Routers for Infections

Coming soon
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

also i get this clicking on Home Routers

By: AlphaCentauri

AlphaCentauri — Sat, 25 Feb 2012 17:36:50 +0000

I wouldn’t want to have to deal with the change of venue hearings. They may want to keep the servers going until they’ve got the jury sequestered somewhere they won’t hear the howls of agony when people can’t visit FB from work.

By: Hayton

Hayton — Sat, 25 Feb 2012 08:36:19 +0000

“I can see why the state department would want to delay shutting down the DNS servers until they’ve actually completed the extradition of the Estonian perps”

Perhaps the plan is to shut the servers down during their trial, to make a point. And hope that none of the jurors has an infected PC and is suddenly cut off from the internet ….

By: AlphaCentauri

AlphaCentauri — Sat, 25 Feb 2012 06:07:54 +0000

I can see why the state department would want to delay shutting down the DNS servers until they’ve actually completed the extradition of the Estonian perps. Half a million angry people disconnected from the internet in one fell swoop in the middle of a business day? A lot of European countries won’t extradite criminals to the US if they could potentially face a death penalty.