6000 Aussies caught in DNSChanger shutdown

By James Hutchinson on Jul 9, 2012 8:08 AM
Filed under Security

Last-minute rush.

The Australian Communications and Media Authority estimates 6000 Australian internet users could face disconnection when US authorities shut down rogue DNS servers today.

Up to four million users are believed to have been infected at the height of the DNSChanger advertising scam, which redirected legitimate searches by computer users to malicious sites via rogue DNS servers located in Chicago and New York.

The FBI has had temporary control of the servers since raiding the Estonian group that allegedly made and distributed the DNSChanger malware, gaining a four-month court ordered extension for the arrangement in March.

However, a purported 250,000 machines — including those at more than ten percent of Fortune 500 companies — are expected to remain infected when the DNS servers are switched off at 2pm AEST on July 9.

Any computer still infected with DNSChanger — and thus trying to route all requests through the rogue servers — will not be able to connect to the internet.

Bruce Matthews, manager for e-security operations at the ACMA, said most recent figures estimated 6000 machines remained infected in Australia by the malware.

The number is a drop from the 10,000 it estimated in March, as well as from the 7500 machines estimated a fortnight ago, when the ACMA started a last-ditch effort to identify the remaining infections.

The regulator has worked with ISPs to contact customers, and set up a website allowing subscribers to check if they have been infected, but is yet to completely solve the issue.

"We're hoping that there will be a rapid upsurge in action to deal with those infections before July 9," he said.

"We think there's still time for affected customers to take action — it only takes a second to check your infected."

Telstra has joined some US telcos in implementing a new, temporary redirection for its customers in order to provide more time to solve the malware issue after Monday.

Experts said they considered the DNSChanger threat to be small compared with more-prevalent viruses such as Zeus and SpyEye, which infect millions of PCs and are used to commit financial fraud.

"It's a very easy one to fix," said Gunter Ollmann, vice president of research for security company Damballa.

"There are plenty of tools available."

However, Internet Systems Consortium founder Paul Vixie — who had participated in the US raid on the data centres — warned the infection had likely hit modems and routers within homes, as well as the computers themselves.

Cases where a modem's DNS settings had changed — believed to affect up to a third of all cases — would prove more difficult to remediate, and could ultimately require ISPs to "truck-roll" new devices to their customers.

With Reuters

 
Follow us on Facebook and Twitter
 

Copyright © iTnews.com.au . All rights reserved.

6000 Aussies caught in DNSChanger shutdown
 
 
 
 
 
Top Stories
Telstra goes live with Cisco Intercloud in Australia
Key milestone for billion-dollar platform.
 
Toshiba retreating from consumer PC markets
Will cut 900 jobs and focus on B2B.
 
OBS clinches Azure win involving 77 Queensland councils
Information about council roads and rates connected via cloud.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
My business strategy is to:

Latest Comments
CRN Magazine

Issue: 330 | August 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.