Warning: DNS Changer Lives

Thursday, November 17, 2011

Simon Heron


Despite federal prosecutors' recent success against the infrastructure of DNS Changer and the prosecution of seven Eastern Europeans, it appears that the malware itself still survives.

By infecting a system and changing its DNS settings so that users are redirected to websites of the scammers' choosing, DNS Changer allows criminals to make money through a series of ploys.

The method of choice of the seven accused was to exploit click ads. DNS Changer affects both Mac and Windows systems and has been around for over five years, so it is a pretty serious threat.

So how do you find out if you are infected? Check your DNS server settings. On Windows, open a command prompt and type “ipconfig /all”.

This returns a plethora of information, but just look for the “DNS Server” entry. On a Mac, in “System Preferences” select “Network”, and from there select “Advanced”.

Infected systems will show IP addresses in the following ranges (from the FBI):

  • 85.255.112.0 – 85.255.127.255
  • 67.210.0.0 – 67.210.15.255
  • 93.188.160.0 – 93.188.167.255
  • 77.67.83.0 – 77.67.83.255
  • 213.109.64.0 – 213.109.79.255
  • 64.28.176.0 – 64.28.191.255

Companies will need to check their servers and their routers to ensure they have not been compromised.
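
For checking more than a handful of machines, the comparison can be scripted. The following is an added example, not code from the original post or from the FBI: it parses saved “ipconfig /all” output and flags any DNS server inside the ranges listed above. The function names and the sample output are constructed for illustration, and only the Windows output format is handled.

```python
import ipaddress
import re

# Rogue resolver ranges exactly as listed in the post (attributed there to the FBI).
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"), ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"), ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"), ("64.28.176.0", "64.28.191.255"),
]
# Collapse each first-last range into CIDR networks for membership tests.
ROGUE_NETS = [net for first, last in ROGUE_RANGES
              for net in ipaddress.summarize_address_range(
                  ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def dns_servers_from_ipconfig(text):
    """Extract IPv4 resolvers from `ipconfig /all` output, including the
    indented continuation lines that carry secondary servers."""
    servers, in_dns = [], False
    for line in text.splitlines():
        if re.match(r"\s*DNS Servers?\b", line):
            in_dns = True
        elif re.search(r"\.\s:", line) or not line.strip():
            in_dns = False  # next labelled field or blank line ends the list
        if in_dns:
            servers += IPV4.findall(line)
    return servers

def rogue_resolvers(servers):
    """Return (address, matching network) for each resolver in a listed range."""
    hits = []
    for s in servers:
        try:
            addr = ipaddress.IPv4Address(s)
        except ValueError:
            continue  # regex matched something that is not a valid address
        hits += [(s, str(n)) for n in ROGUE_NETS if addr in n]
    return hits

# Constructed sample output: first resolver is inside a listed range,
# the second sits one address block past the end of that range.
SAMPLE = """\
   Connection-specific DNS Suffix  . : example.test
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.114.13
                                       85.255.128.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    print(rogue_resolvers(dns_servers_from_ipconfig(SAMPLE)))
```

A clean result on a workstation does not clear the network: as noted above, the router that hands out DNS settings needs the same check.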

Cross-posted from RedScan
