Internet Identity (IID), a provider of technology and services that help organizations secure their internet presence, announced that half of all Fortune 500 companies and US federal agencies are reportedly infected with DNSChanger malicious software (malware). IID found that at least 250 of all Fortune 500 companies and 27 out of 55 major government agencies had at least one computer or router that was infected with DNSChanger in early 2012.
“Initially, DNSChanger was so worrisome because it could redirect you from a safe web location to a dangerous one controlled by cyber criminals,” said IID president and CTO Rod Rasmussen. “However, the FBI temporarily fixed that. Now the big worry is that machines that are still infected face a second vulnerability—they are left with little if any security.”
DNSChanger malware actively changes the infected system’s domain name system (DNS) resolution settings to use “rogue servers” that redirect legitimate searches and URLs to malicious websites that attempt to steal personal information and generate illegitimate ad revenue for a network of cybercriminals.
In November 2011, the FBI, working in concert with NASA, the Estonian police, and several private sector firms and security researchers, put a major dent in the DNSChanger operation with Operation Ghost Click. The operation resulted in the arrest of six Estonian nationals who are accused of manipulating millions of infected computers via DNSChanger. During the arrests, the rogue servers were not simply shut down; they were temporarily replaced with legitimate servers for 120 days.
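A defender-side check for the DNS settings change described above, as an added example that is not part of the original article: it audits resolv.conf-style resolver settings against an allowlist of approved resolvers. The host names, addresses and allowlist are constructed sample values from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Assumption: resolvers this organization has approved. These are constructed
# values from documentation ranges, not real DNSChanger indicators.
APPROVED_RESOLVERS = ["192.0.2.0/28", "2001:db8:53::/64"]

# Constructed sample: resolv.conf contents collected from three hosts.
FLEET = {
    "ws-014": "nameserver 192.0.2.2\nnameserver 192.0.2.3\n",
    "ws-027": "# edited outside change control\nnameserver 203.0.113.77\nnameserver 192.0.2.3\n",
    "lab-03": "search corp.example\nnameserver 2001:db8:53::1\nnameserver not-an-ip\n",
}

def parse_nameservers(resolv_conf_text):
    """Return the nameserver values from resolv.conf-style text, skipping comments."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def audit_host(resolv_conf_text, approved=APPROVED_RESOLVERS):
    """Return (resolver, reason) findings for one host; an empty list means clean."""
    networks = [ipaddress.ip_network(n) for n in approved]
    servers = parse_nameservers(resolv_conf_text)
    if not servers:
        return [(None, "no nameserver configured")]
    findings = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            # A malformed entry is itself worth a look: something rewrote the file.
            findings.append((server, "unparseable address"))
            continue
        if not any(addr.version == net.version and addr in net for net in networks):
            findings.append((server, "not an approved resolver"))
    return findings

def audit_fleet(fleet):
    """Map each host with at least one finding to its list of findings."""
    return {host: found for host, text in fleet.items() if (found := audit_host(text))}

if __name__ == "__main__":
    for host, found in audit_fleet(FLEET).items():
        print(host, found)
```

Because the article notes that routers were infected as well, the same allowlist comparison applies to the DNS servers a router hands out to its clients, not only to per-host settings.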