2012, The End of the Internet for 350,000!


Mar 21st

Come July 9th this year 350,000 unsuspecting victims of the DNS Changer Malware will lose their ability to find websites on the internet. Unbeknown to the victims they were infected by the Malware which set about making significant changes to their systems.

Changes included disabling Anti-Virus updates to stop the Malware from being detected, but more importantly the Malware changed Domain Name server settings. This meant that when a user submitted a request in their browser address line, to go to say, “Google.com” the request would be submitted to the Hackers servers, at which stage the Hackers Server could redirect you anywhere they wanted.

Obviously this is dangerous, if you wanted to visit HSBC.com, you could end up wherever the hacker wanted you to go, including a middle server that requested the information HSBC website would traditionally ask you for, and relaying that information to the true HSBC website, pretending to be you and accessing your full accounts.

But as with any criminal enterprise, you need to get paid. Accessing peoples bank accounts can indeed be profitable, however if you transfer money out of a compromised account, you still need to transfer it somewhere, like another person’s account, not yours obviously because that would be a very quick way to having your shoulder tapped upped by the FBI.

A less risky payoff is to use the compromised computers, which are spread across the globe, to pay you in some way. In reality if you control a network of compromised computers, in this case close to 600,000 compromised computers, you are, from the Internet perspective, 600,000 individual people.

What would you do if you controlled 600,000 internet people? A nice simple payoff is for you to run a website, or two, sign up to Google Adsense or other pay per click advertising websites, place their banner adverts on your website and use your 600,000 internet people to start clicking on the adverts.

Depending on the adverts you can get about $1 per click. It does not take long for the money to start to flow in, in the case of these hackers, the FBI is saying they made $14 million! A nice little pay day, and very difficult to detect that anything has been “stolen”.

The FBI arrested six Estonians last November, but here is the problem. You now have close to 600,000 machines configured to talk to the Hacker machines to find web pages whenever they browse the Internet. What happens when you take the Hackers servers offline? You now have 600,000 users that can’t use the Internet!

The FBI decided the easy way to deal with this was to place their own servers online in replacement of the hackers servers, to respond to the compromised computers requests. The plan being that with enough publicity they could let people know there is a problem, hoping they would then fix their machines.

They have done quite well, the number of infected machines has fallen from close to 600,000 to around 350,000 in six months. But the drop off rate has declined significantly and come July 9th the FBI plans to switch off their servers, meaning it is lights out for the remaining compromised machines.

How can you check if you are compromised? The easiest is to work with one of the FBI partner websites, where all that is needed is for you to do a quick scan of your machine. The European partner can be found at the following site: http://dns-changer.eu/

Leave a Reply

© 2006-2024 Security Enterprise Cloud magazine.