Do you have a Sinkhole in your Network? (IT Briefcase)
Excerpt from IT Briefcase: Read the entire article HERE
Featured article by Francis Turner
You may have heard of botnets like DNS Changer or Conficker that have been taken down by law enforcement agencies in various countries. What you may not be aware is that millions of computers are still infected by these sorts of ‘zombie’ malware. DNS Changer, for example, has proven to be a very tough piece of malware to remove and many computers are still running it. Worse, the IP addresses that were used by DNS changer have been reassigned and some have been given to highly suspicious entities. If any computers on your network are still infected then they are probably ripe for exploitation by a new set of cyber-criminals.
What is DNS Changer?
On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital”, and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses.
The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet.
Read the rest of the article at IT Briefcase