Will the FBI close down your online business this March?

In tackling the DNSChanger botnet, the FBI may take a load of businesses offline. Davey Winder is, unsurprisingly, anxious...

Half of all Fortune 500 companies are still infected.

Now this is where it gets interesting and a little perturbing: the FBI managed to secure a court order which enabled it to replace the DNS heart of the Trojan, so that all traffic would flow through a surrogate DNS server instead. The court order in question allows the FBI to maintain this surrogate DNS service until 8 March. After which, and I'm guessing you are ahead of me here, any business whose computers are still infected with the Trojan, and therefore still using this surrogate DNS service, will find themselves removed from the internet entirely and dumped into 404-ville.

Which could, if the numbers I have seen are to be believed, lead to an awful lot of companies suddenly and catastrophically being denied access to the internet. Within the US alone, and remember that DNSChanger was a global infection spreading across more than 100 countries, half of all Fortune 500 companies are still infected and half of all major government agencies likewise carry at least one infected machine.

The DNSChanger Working Group, established to help co-ordinate remediation of the Trojan infection, is known to be considering applying for an extension to the court deadline to relieve the likely impact otherwise, given the high number of infections still found to be active. But it could all be something of a pointless exercise. After all, the Conficker Working Group had a similar remit and some three years after it was founded there are still thought to be around three million systems still infected with the Conficker Worm.

Advertisement
Advertisement - Article continues below

It would be a good thing if the situation frightened those enterprises who have not bothered to properly scan for and remove any DNSChanger infections to implement a proper security strategy. If you want to be sure you are not one of them, then perhaps you should contact your security vendor for advice as to how to check your network for evidence of infection.

One cannot help but marvel at the irony of the timing of all this though, what with Anonymous having made a declaration that it would launch a DDoS attack against DNS root servers, and effectively take down the internet, on 30 March. Now it looks like, for a large number of businesses anyway, that the FBI may just beat them to it.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019