Will the FBI close down your online business this March?

In tackling the DNSChanger botnet, the FBI may take a load of businesses offline. Davey Winder is, unsurprisingly, anxious...

Half of all Fortune 500 companies are still infected.

Now this is where it gets interesting and a little perturbing: the FBI managed to secure a court order which enabled it to replace the DNS heart of the Trojan, so that all traffic would flow through a surrogate DNS server instead. The court order in question allows the FBI to maintain this surrogate DNS service until 8 March. After which, and I'm guessing you are ahead of me here, any business whose computers are still infected with the Trojan, and therefore still using this surrogate DNS service, will find themselves removed from the internet entirely and dumped into 404-ville.

Which could, if the numbers I have seen are to be believed, lead to an awful lot of companies suddenly and catastrophically being denied access to the internet. Within the US alone, and remember that DNSChanger was a global infection spreading across more than 100 countries, half of all Fortune 500 companies are still infected and half of all major government agencies likewise carry at least one infected machine.

The DNSChanger Working Group, established to help co-ordinate remediation of the Trojan infection, is known to be considering applying for an extension to the court deadline to relieve the likely impact otherwise, given the high number of infections still found to be active. But it could all be something of a pointless exercise. After all, the Conficker Working Group had a similar remit and some three years after it was founded there are still thought to be around three million systems still infected with the Conficker Worm.

It would be a good thing if the situation frightened those enterprises who have not bothered to properly scan for and remove any DNSChanger infections to implement a proper security strategy. If you want to be sure you are not one of them, then perhaps you should contact your security vendor for advice as to how to check your network for evidence of infection.

One cannot help but marvel at the irony of the timing of all this though, what with Anonymous having made a declaration that it would launch a DDoS attack against DNS root servers, and effectively take down the internet, on 30 March. Now it looks like, for a large number of businesses anyway, that the FBI may just beat them to it.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021
Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
Solving cyber security's diversity problem
Careers & training

Solving cyber security's diversity problem

5 Jan 2022