Look who is chasing malware now: the FBI. After busting bad guys all over the world (sometimes even inside countries considered friendly to the US), they are now on a new hunt: the deadliest of them, the DNSChanger Trojan.
This Trojan is considered to be the most massive Internet fraud ever. The truth is that computers infected with the DNSChanger malware are also potentially vulnerable to attacks from other viruses and malware. To understand the scale of this malware, see what TheHackerNews.com had to say about it (the article).
“The DNSChanger malware was first discovered around 2007, and since this time has infected millions of computers, around 500,000 of them being in the U.S., and through these computers the criminals have reportedly pulled in around $14 million in stolen funds.”
What really makes this malware big news is that it could cut millions of computers off from the Internet as early as March 8th.
Though the FBI has shut down the fraudulent DNS network, to make sure the infected user computers continue to access the Internet, they have set up a temporary DNSChanger command-and-control network with due consent from the court. As per the verdict, this network is nearing its expiry date on March 8th. So, if you use Windows or Mac OS, it is advised that you do a complete health check of your system.
“…Unless the FBI obtains a new court order allowing them to continue operating the temporary network, the network will be turned off, resulting in millions of computers, world-wide, no longer being able to access the Internet.” – Source: TheHackerNews.com
To avoid this, the FBI has published the list of rogue DNS server addresses, along with instructions to manually check whether your system is infected or not (the FBI doc).
The list of rogue DNS server addresses published by the FBI:
- 85.255.112.0 through 85.255.127.255
- 77.67.83.0 through 77.67.83.255
- 67.210.0.0 through 67.210.15.255
- 213.109.64.0 through 213.109.79.255
- 93.188.160.0 through 93.188.167.255
- 64.28.176.0 through 64.28.191.255
Irrespective of whether you are an individual or part of a company, the first thing you have to do is to ensure that the following tasks are completed:
- Secure your Internet gateway, i.e. make sure your router or firewall has the legitimate DNS details provided by your Internet Service Provider (ISP). In other words, your DNS server addresses should not match any address in the rogue DNS server list.
- Scan your DNS servers (for companies), other servers and end-user machines for this Trojan and correct them immediately.
The latter is more tedious when you have hundreds or thousands of machines to check, and the problem gets worse if you are not a techie. However, it is important that you complete the task to prevent problems later.
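The first check above, comparing configured resolver addresses against the rogue list, can be automated. The following Python script is an added example (not ManageEngine's tool and not the FBI's instructions): it reads nameserver lines from resolv.conf-style text and reports whether each address falls inside one of the six rogue ranges listed above. The sample configuration is constructed for illustration.

```python
import ipaddress
import re

# Rogue DNS ranges exactly as listed in the FBI publication quoted on this page.
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("64.28.176.0", "64.28.191.255"),
]

# Pre-compute the CIDR blocks covering each range so membership tests are cheap.
ROGUE_NETWORKS = [
    net
    for first, last in ROGUE_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
]

def is_rogue_dns(server: str) -> bool:
    """Return True if the resolver address lies inside a rogue DNSChanger range."""
    try:
        addr = ipaddress.IPv4Address(server)
    except ValueError:
        return False  # not an IPv4 literal (IPv6 or a hostname); cannot match the list
    return any(addr in net for net in ROGUE_NETWORKS)

def parse_resolv_conf(text: str) -> list:
    """Extract nameserver addresses from resolv.conf-style text (comments ignored)."""
    return re.findall(r"^\s*nameserver\s+(\S+)", text, flags=re.MULTILINE)

def check_resolvers(text: str) -> dict:
    """Map each configured resolver to True (rogue) or False (not in the list)."""
    return {srv: is_rogue_dns(srv) for srv in parse_resolv_conf(text)}

# Constructed sample: one ordinary ISP-style resolver and one address from a rogue range.
SAMPLE_RESOLV_CONF = """\
# constructed example, not a real host's configuration
nameserver 192.0.2.53
nameserver 85.255.116.10
"""

if __name__ == "__main__":
    for server, rogue in check_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{server}: {'ROGUE - matches FBI list' if rogue else 'not in rogue list'}")
```

On a real host, feed the contents of /etc/resolv.conf (or the DNS entries from your router's configuration page) into check_resolvers instead of the constructed sample; a True result means the resolver should be replaced with your ISP's legitimate DNS details and the machine scanned.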
Stay safe with ME: A Free Tool from ManageEngine
We at ManageEngine understand this pain and have come up with a small, quick tool that detects whether your system is infected or not in a second.
What if your system is infected?
Visit Trend Micro’s HouseCall for a free scan and clean-up, and notify the FBI by submitting this form. You should also contact your Internet Service Provider (ISP) for advice on restoring your legitimate DNS settings.
To avoid such incidents in future, the FBI also provides guidelines on the following:
- Securing your browser: https://www.us-cert.gov/reading_room/securing_browser/
- Protecting your system against malware and Trojan-recovery guidelines for your system: https://www.us-cert.gov/reading_room/trojan-recovery.pdf
So, stay connected to the Internet and protect your systems from this Trojan. Download this tool and do a self-test on your systems now.