IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
In-depth

Will the FBI close down your online business this March?

In tackling the DNSChanger botnet, the FBI may take a load of businesses offline. Davey Winder is, unsurprisingly, anxious...

Even though the botnet behind the DNSChanger Trojan was dismantled towards the end of last year, a huge number of enterprises appear to still be infected.

So what's the problem if the power behind the Trojan has been hauled off to jail? Well how about the small matter of the FBI apparently insisting it will seek to disconnect any computer still found to be infected with DNSChanger on 8 March?

DNSChanger was one of the most malicious of Trojans to hit businesses last year, infecting around 4 million computers globally. It worked by changing the host system's Domain Name Server (DNS) settings to point them at assorted advertising and often malicious sites via the now dismantled botnet.It also made changes to ensure that infected systems could no longer access security vendor sites in order to get help with removal of the thing.

DNSChanger was one of the most malicious of Trojans to hit businesses last year.

It was a typically clever bit of malware and one that proved to be pretty successful, allegedly netting the Estonian gang behind it upwards of 8 million in profit. It did all of this by simply changing the NameServer Registry key value to a custom IP address upon installation of the malicious executable.

But, I have to ask on your behalf once again, why does any of this actually matter now the command and control botnet that was handling the DNS diversions has been dismantled and no longer exists, so that those infected computers cannot be pointed towards the nefarious sites? That's where the FBI comes in.

The botnet itself was uncovered after a co-ordinated attack on the malware infrastructure. Law enforcement authorities and service providers effectively reverse engineered the botnet and alerted customers whose machines were infected with the Trojan.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Anonymous hijacks Russian broadcasts with footage of Ukraine war
hacking

Anonymous hijacks Russian broadcasts with footage of Ukraine war

7 Mar 2022
Ten ways to protect your company from the next big data breach
data breaches

Ten ways to protect your company from the next big data breach

18 Feb 2022
Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Costa Rica declares state of emergency following Conti ransomware attack
ransomware

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022