Will the FBI close down your online business this March?

Half of all Fortune 500 companies are still infected.

Now this is where it gets interesting and a little perturbing: the FBI managed to secure a court order which enabled it to replace the DNS heart of the Trojan, so that all traffic would flow through a surrogate DNS server instead. The court order in question allows the FBI to maintain this surrogate DNS service until 8 March. After which, and I'm guessing you are ahead of me here, any business whose computers are still infected with the Trojan, and therefore still using this surrogate DNS service, will find themselves removed from the internet entirely and dumped into 404-ville.

Which could, if the numbers I have seen are to be believed, lead to an awful lot of companies suddenly and catastrophically being denied access to the internet. Within the US alone, and remember that DNSChanger was a global infection spreading across more than 100 countries, half of all Fortune 500 companies are still infected and half of all major government agencies likewise carry at least one infected machine.

The DNSChanger Working Group, established to help co-ordinate remediation of the Trojan infection, is known to be considering applying for an extension to the court deadline to relieve the likely impact otherwise, given the high number of infections still found to be active. But it could all be something of a pointless exercise. After all, the Conficker Working Group had a similar remit and some three years after it was founded there are still thought to be around three million systems still infected with the Conficker Worm.

It would be a good thing if the situation frightened those enterprises who have not bothered to properly scan for and remove any DNSChanger infections to implement a proper security strategy. If you want to be sure you are not one of them, then perhaps you should contact your security vendor for advice as to how to check your network for evidence of infection.

One cannot help but marvel at the irony of the timing of all this though, what with Anonymous having made a declaration that it would launch a DDoS attack against DNS root servers, and effectively take down the internet, on 30 March. Now it looks like, for a large number of businesses anyway, that the FBI may just beat them to it.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.