Biz urged to blast DNSChanger Trojans before safety net comes down

Half of all Fortune 500 companies still contain computers infected with the DNSChanger Trojan, weeks after an FBI-led takedown operation targeting the botnet's command-and-control infrastructure. DNSChanger changed an infected system's domain name system (DNS) resolution settings to point towards rogue servers that redirected …

COMMENTS

This topic is closed for new posts.
  1. Paul Crawford Silver badge
    WTF?

    Words fail me

    "at least 250 of all Fortune 500 companies and 27 out of 55 major government entities had at least one computer or router on their network still infected with DNSChanger"

    And they wonder why they get repeatedly screwed over by cyber criminals?

    This is not a new infection for Christ's sake! The BOFH should be ashamed, or more likely the managers beaten with rubber hoses for not authorising/funding the BOFH to nuke such PCs from orbit and do something with a cattle prod to the user if they had a big part in it getting past the corporate security.

  2. Tom 35

    Why not...

    Set the DNS servers to point all http requests at a "your computer is infected please contact your support department... click here for more info" type page. Give it another month before killing them.

    1. NullReference Exception
      Alert

      Think about it

      A user tries to browse the internet and is suddenly confronted with a message saying that their computer is infected with a virus and to click here to clean the infection... in other words, exactly what they would see on a website trying to infect them with FakeAV malware. Do we really want to train people to believe this stuff and click the links?

      1. PyLETS
        Headmaster

        That's not what it says

        "A user tries to browse the internet and is suddenly confronted with a message saying that their computer is infected with a virus and to click here to clean the infection..."

        I recommend you read the suggestion you were responding to a little more carefully which was - "your computer is infected please contact your support department... click here for more info" - that's exactly who someone with an infected computer should be directed to. Yes people do need to learn not to trust any third party which informs them about an infection with whom no prior support relationship exists to carry out a repair, but that's not the course of action actually suggested here. Perhaps - "contact your support department or current anti-virus software supplier if you have one or your computer vendor if you don't" might be the most precise formulation, but for those with a limited attention span perhaps the advice suggested was better as it was likely to be clearer.

        1. Tom 13

          As long as it still says "click here for more info"

          it is a bad idea because it trains users to do the wrong thing.

          Besides, it would be FAR more effective to put up a nice big friendly message that says:

          "This DNS Resolution server has been brought to you by the FBI who are NOT logging your IP address. Your request will be redirected in [countdown timer starting at 10] seconds."

  3. Blacklight
    Stop

    Erm....

    Given they are providing a DNS service instead of the botnet doing it, why don't they simply redirect all web requests to a nice (official) page showing their IP, and what they need to do.

    If the users don't believe it, they'll call their sysadmins, who should promptly sort it....

  4. Anonymous Coward
    Anonymous Coward

    Targets

    "The German firm, best known for its freebie security scanner software, has also released a free DNS-Repair tool so users can revert to the default settings of Windows with only a few clicks."

    So this affects Microsoft machines then does it? Not really a surprise, I suppose!

    1. kain preacher

      had at least one computer or router on their network still infected with DNSChanger.

      Do you see where it says router? When is the last time you have seen a Windows router?

      1. Anonymous Coward
        Anonymous Coward

        When is the last time you have seen a windows router?

        About the same time I last saw a Windows server (which was years ago, fortunately for my sanity).

        But I've been told some people out there still think a Windows box is a proper server, so I wouldn't be surprised if they also used one as a router. Never underestimate this kind of people, I tell you.

  5. Anonymous Coward
    Anonymous Coward

    Who are they helping by leaving the DNS servers up?

    The sooner the DNS servers get turned off, the sooner the people who were infected will do something about it - you don't really think they're going to track it down and fix it before they're even aware that there's a problem, do you?

  6. NogginTheNog
    FAIL

    How exactly?

    WTF are they doing allowing internal machines to perform Internet DNS lookups in the first place??

    1. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    Internal machines and DNS lookups

    > WTF are they doing allowing internal machines to perform Internet DNS lookups in the first place??

    They don't, normally internal machines get their DNS settings from the local DHCP server, presumably DNSChanger adds a new entry in the local HOSTS file. Besides, according to this, DNSChanger can change DNS settings on the router.

    "The DNSChanger malware is capable of changing the DNS server settings within SOHO routers that have the default username and password provided by the manufacturer"

    http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf

    1. NogginTheNog
      FAIL

      But

      It shouldn't matter what DNSChanger does to a client's local DNS settings: any decent sized company (say more than a hundred machines?) should be denying external DNS lookups at the firewall, and using internal resolvers and proxies to handle traffic to t'Internet. Common sense :-\

      1. Trygve Henriksen

        Common sense?

        What's common sense got to do with it?

        Setting up a properly functioning DNS server isn't easy, and in an already overworked IT-department, who's going to take on that task?

        It's also common sense to use a login account that doesn't have administrative privileges, but you'd be surprised at how many users at large corporations or government agencies have full administrative access on 'their' computers. (And usually no clue as to why this is bad)

        In most big organisations, IT isn't considered 'critical' enough to have its rightful place in the hierarchy (directly under the company president) or even to have the necessary mandates to do their job.

        I can pull the plug on ANY computer in my organisation if I believe it to be infected, knowing that I have the authorisation to do so, and that no two-bit 'king' of whatever department can overrule me.

        1. Tom 13
          Unhappy

          And even if the CTO is nominally sitting at the same table as the CEO,

          chances are he's still the red-headed step child of the CxO crew.
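The exchange above (comment 7 on DNSChanger altering a host's or SOHO router's resolver settings, and NogginTheNog's reply that a company should deny external DNS lookups at the firewall and force traffic through internal resolvers) lends itself to a small detection check. The script below is an added example, not code from the article, the FBI document or any commenter: it audits constructed firewall log lines and flags any internal host that was allowed to reach port 53 on a resolver other than the approved internal ones, which is exactly the symptom a DNSChanger-style resolver hijack produces if the egress rule is missing. The log format, the approved resolver addresses and the host addresses are all invented for the example; they are not indicators from the article.

```python
"""Flag internal hosts that resolve DNS outside the approved internal resolvers.

Added example illustrating the "deny external DNS at the firewall, use internal
resolvers" advice from the thread. Every address and log line here is constructed;
none of them are DNSChanger indicators from the article or the FBI document.
"""
import ipaddress
import re

# Hypothetical approved internal resolvers (constructed RFC 1918 addresses).
APPROVED_RESOLVERS = {
    ipaddress.ip_address("10.0.0.53"),
    ipaddress.ip_address("10.0.1.53"),
}
# Hypothetical internal address space for this example network.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed firewall log lines in a simple key=value style (not a real product's format).
# Line 2 and line 3 show hosts talking to outside resolvers, which is what a hijacked
# resolver setting looks like from the firewall; line 5 shows the egress rule working.
SAMPLE_LOG = """\
ts=2012-02-01T09:00:01 action=allow proto=udp src=10.0.5.21 sport=51234 dst=10.0.0.53 dport=53
ts=2012-02-01T09:00:02 action=allow proto=udp src=10.0.5.22 sport=51235 dst=203.0.113.7 dport=53
ts=2012-02-01T09:00:03 action=allow proto=tcp src=192.168.3.9 sport=40001 dst=198.51.100.2 dport=53
ts=2012-02-01T09:00:04 action=allow proto=tcp src=10.0.5.21 sport=40002 dst=203.0.113.80 dport=443
ts=2012-02-01T09:00:05 action=deny proto=udp src=10.0.5.23 sport=51236 dst=203.0.113.7 dport=53
"""

LINE_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict (keys not present simply stay absent)."""
    return dict(LINE_RE.findall(line))


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def find_dns_bypass(log_text):
    """Return (src, dst) pairs where an internal host was allowed to reach port 53
    on something other than an approved internal resolver.

    Only 'allow' entries count as a bypass: a 'deny' line means the firewall rule
    already did its job, although the source host still deserves a look.
    """
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec.get("dport") != "53" or rec.get("action") != "allow":
            continue
        src = ipaddress.ip_address(rec["src"])
        dst = ipaddress.ip_address(rec["dst"])
        if is_internal(src) and dst not in APPROVED_RESOLVERS:
            hits.append((str(src), str(dst)))
    return hits


def blocked_attempts(log_text):
    """Source hosts whose attempts to use an outside resolver were denied.

    A host that keeps trying to reach port 53 outside the approved set has had its
    resolver settings changed by something, so it is a candidate for a closer look
    even though the firewall stopped the lookup.
    """
    hosts = set()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec.get("dport") == "53" and rec.get("action") == "deny":
            hosts.add(rec["src"])
    return sorted(hosts)


if __name__ == "__main__":
    for src, dst in find_dns_bypass(SAMPLE_LOG):
        print(f"DNS egress bypass: {src} -> {dst}")
    for src in blocked_attempts(SAMPLE_LOG):
        print(f"Blocked outside-DNS attempt from {src}")
```

Run against the constructed log it reports two allowed bypasses (10.0.5.22 and 192.168.3.9 reaching outside resolvers) and one host whose attempt was denied. The matching firewall policy is the one NogginTheNog describes: permit destination port 53 only from the internal resolvers themselves, deny it from every other internal address, and log the denies so that `blocked_attempts` has something to report. The HTTPS line on port 443 is ignored on purpose, since the check is about resolver traffic, not web traffic.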

  8. Anonymous Coward
    Joke

    Optional

    "a heightened risk of attack, not least because DNSChanger disables anti-virus software and security updates"

    I wouldn't take it for granted that stopping updates to anti-virus software harms security...
