Even though the botnet behind the DNSChanger Trojan was dismantled towards the end of last year, a huge number of enterprises appear to still be infected.
So what's the problem if the power behind the Trojan has been hauled off to jail? Well how about the small matter of the FBI apparently insisting it will seek to disconnect any computer still found to be infected with DNSChanger on 8 March?
DNSChanger was one of the most malicious of Trojans to hit businesses last year, infecting around 4 million computers globally. It worked by changing the host system's Domain Name Server (DNS) settings to point them at assorted advertising and often malicious sites via the now dismantled botnet.It also made changes to ensure that infected systems could no longer access security vendor sites in order to get help with removal of the thing.
DNSChanger was one of the most malicious of Trojans to hit businesses last year.
It was a typically clever bit of malware and one that proved to be pretty successful, allegedly netting the Estonian gang behind it upwards of 8 million in profit. It did all of this by simply changing the NameServer Registry key value to a custom IP address upon installation of the malicious executable.
But, I have to ask on your behalf once again, why does any of this actually matter now the command and control botnet that was handling the DNS diversions has been dismantled and no longer exists, so that those infected computers cannot be pointed towards the nefarious sites? That's where the FBI comes in.
The botnet itself was uncovered after a co-ordinated attack on the malware infrastructure. Law enforcement authorities and service providers effectively reverse engineered the botnet and alerted customers whose machines were infected with the Trojan.
