Tag Archives: operation ghost

DNSChanger resolver shutdown deadline is March 8th

The ISC has written a number of diaries about DNSChanger in the past, including this excellent diary by a number of ISC Handlers, so I am not going to rehash the history.

With the FBI’s March 8th deadline for disabling the DNSChanger resolvers rapidly approaching, the predictable fearmongering is beginning in the blogosphere and the regular press. Rest assured that DNSChanger infected a relatively small number of computers compared to most infections, and turning off the temporary resolvers will barely be blip on the Internet. There are some suggestions that the FBI may extend this deadline to permit companies to complete their cleanup. Frankly I am on the fence about whether or not an extension is a good idea.  I certainly don’t want to entertain the possibility that the companies that I do business with, and entrust my personal information to, may take more than 4 months to cleanup a known malware infection. Continue reading DNSChanger resolver shutdown deadline is March 8th

Network Engineers nightmare:Operation Ghost Click DNS servers to shut down in March

One of the more widespread malware efforts over the past few years was the DNSChanger scam, which installed a Trojan horse that would change the DNS server settings on affected computers to divert traffic to rogue servers.

The DNS system is essentially the Internet’s phone book that allows your computer to resolve a URL to the IP address of the server that hosts its contents. By changing a computer so that it uses a rogue DNS server, the DNSChanger malware was thus able to redirect valid URLs (such as those for banking institutions) to malicious Web sites in order to steal personal information. Continue reading Network Engineers nightmare:Operation Ghost Click DNS servers to shut down in March