I heard that on July 9, 2012, A U.S. federal court will take offline all the remaining computers in the U.S. infected...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
with DNS Changer botnet malware. As of late February, according to Internet Identity, 94 Fortune 500 companies and at least three government organizations had systems infected by DNS Changer. Does this mean if I have machines that are infected and don't know it, will some or all of my systems be taken down? What can I do to check for this malware?
The DNS Changer botnet malware is present across many different parts of the Internet, but the fact that large networks haven't taken action to remediate all of the systems is not a potential problem. There are other significant botnets for which we lack the visibility to measure the number of systems they infect. Many of the infected systems could be personal systems that are connected to isolated parts of enterprise networks, but the infected systems may not be isolated or even personal systems.
An enterprise could decide the risk involved with making changes to its DNS, network infrastructure or systems outweigh the risk from not remediating these systems. If there is minimal separation between network(s) with infected systems and the more secure networks, then it might be more important to mitigate the risk from this malware.
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
While your organization, large networks and government agencies still may have infected systems, the expected July 9 government action is not going to take down your network. The DNS Changer botnet takedown might break DNS resolution for the infected systems, thus having the same effect as a NIC card going bad, but most systems on a network shouldn't be affected. So while some hands-on remediation may be required, frankly that is a better alternative than turning a blind eye to enterprise endpoints that may actually be zombies powering a botnet controlled by known criminals.
To identify these potentially infected systems before the takedown happens, monitor for outgoing DNS traffic to the DNS Changer servers. The DNS Changer Working Group provides comprehensive guidance on this malware, including information on how to identify, fix and protect an organization from it.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
SSL attacks "in stealth mode" are helping attackers avoid detection and analysis. Expert Nick Lewis explains how to discover and defend against the ...continue reading
Learn how sinkholing is helping security experts analyze infected devices and even disable malware in compromised endpoints.continue reading
Motion and gestures are being used for mobile malware detection on smartphones. Learn how this method works and whether it is a worthy addition to an...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.