It was recently reported that on July 9th, approximately 350,000 computers in the US are in danger of losing their Internet access because they have been infected by DNSChanger malware. Although the FBI and some other organizations had established a safety net to deal with the ubiquitous infections, those measures will be discontinued in July.
The crime underlying this announcement involves a massive cyber-criminal enterprise, which was discovered and shut down by the FBI in 2011. The attack, launched using DNSChanger malware in 2007, was able to infect more than 4 million computers worldwide and an estimated 500,000 in the US before it was uncovered by the FBI. The prosecutions in 2011 were the culmination of a 2-year investigation.
DNSChanger malware works by stealthily redirecting a victim’s access from their familiar and trusted websites to the servers controlled by the cyber-criminal enterprise. At least six perpetrators were arrested and have been charged in a New York court.
The FBI discovered infected computers belonging to individuals, businesses and even government agencies such as NASA. Using the malware, the thieves were able to manipulate Web advertising, eventually getting away with at least $14 million in illicit ad fees. What’s worse, the attacks had the side effect of dismantling antivirus agents on infected machines, opening them to further malware damage.
DNSChanger works by replacing the DNS server settings of computers that have been infected with the settings of the servers controlled by the crime ring. The criminals also tried to use common default usernames and passwords to access the routers of home users. When they succeeded, the victims’ DNS server settings automatically rerouted their requests to sites controlled by the criminal syndicate.
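Because the infection leaves its trace in the host's resolver settings, a defender can check those settings directly instead of waiting for the safety-net servers to go dark. The following added example (not code from the original post or from the FBI/ISC effort) parses resolv.conf-style settings and flags any resolver that is not on an organisation's approved list; the rogue range, the trusted resolvers and the sample configuration are all constructed placeholders, not the real DNSChanger addresses.

```python
import ipaddress

# Constructed placeholder for the rogue resolver ranges. The real DNSChanger
# ranges are not reproduced here; substitute the ranges published for your case.
ROGUE_RESOLVER_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3 placeholder
# Resolvers the organisation actually sanctions (constructed example values).
TRUSTED_RESOLVERS = {ipaddress.ip_address("192.0.2.53"), ipaddress.ip_address("192.0.2.54")}

# Constructed resolv.conf-style content, as a hijacked host might carry.
SAMPLE_RESOLV_CONF = """\
# generated by the network manager
search corp.example
nameserver 203.0.113.7
nameserver 192.0.2.53
"""

def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # skip malformed entries rather than abort the check
    return servers

def classify_resolvers(servers):
    """Map each resolver to 'rogue', 'trusted' or 'unexpected'."""
    verdicts = {}
    for ip in servers:
        if any(ip in net for net in ROGUE_RESOLVER_RANGES):
            verdicts[str(ip)] = "rogue"
        elif ip in TRUSTED_RESOLVERS:
            verdicts[str(ip)] = "trusted"
        else:
            verdicts[str(ip)] = "unexpected"  # worth a look even if not a known rogue
    return verdicts

def host_looks_hijacked(text):
    """True if any configured resolver is rogue or absent from the trusted list."""
    return any(v != "trusted" for v in classify_resolvers(parse_nameservers(text)).values())

if __name__ == "__main__":
    for ip, verdict in classify_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF)).items():
        print(f"{ip}: {verdict}")
```

On Windows hosts the same settings live in the interface configuration rather than a resolv.conf file, so feed the function the nameserver lines from `ipconfig /all` output instead; the classification logic is unchanged. Because DNSChanger also rewrote settings on home routers, the router's DHCP-advertised resolvers deserve the same comparison.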
Although the FBI made it incumbent on individuals and companies to fix their infected computers, they did get an order authorizing the Internet Systems Consortium to deploy and maintain clean DNS servers until July 9. In addition, they established a Web page where you could determine if your computer had been infected by the DNSChanger bug.
The FBI put some of the onus on ISPs, many of which they believe did not do enough to protect their users. Because those ISPs had no security measures in place to protect Web and email processes, sophisticated cyber-crime syndicates, such as the one that spread the DNSChanger malware, were able to gain easy access to subscriber computers.
Although the FBI is to be lauded for successfully exposing and prosecuting this cyber-crime ring, perhaps the greatest lesson is how important it is to have the technology in place to thwart these attempts before they become entrenched. iPrism Web Security, with iGuard URL blocking and exclusive outbound botnet protection, and ePrism Email Security, with Zero Minute Defense have the features required to stop emerging threats at the perimeter – before they turn into massive exploits like the DNSChanger perpetrators have created.