Will the FBI close down your online business this March?
In tackling the DNSChanger botnet, the FBI may take a load of businesses offline. Davey Winder is, unsurprisingly, anxious...


Even though the botnet behind the DNSChanger Trojan was dismantled towards the end of last year, a huge number of enterprises appear to still be infected.
So what's the problem if the power behind the Trojan has been hauled off to jail? Well, how about the small matter of the FBI apparently insisting it will seek to disconnect any computer still found to be infected with DNSChanger on 8 March?
DNSChanger was one of the most malicious of Trojans to hit businesses last year, infecting around 4 million computers globally. It worked by changing the host system's Domain Name Server (DNS) settings to point them at assorted advertising and often malicious sites via the now dismantled botnet. It also made changes to ensure that infected systems could no longer access security vendor sites in order to get help with removal of the thing.
It was a typically clever bit of malware and one that proved to be pretty successful, allegedly netting the Estonian gang behind it upwards of 8 million in profit. It did all of this by simply changing the NameServer Registry key value to a custom IP address upon installation of the malicious executable.
But, I have to ask on your behalf once again, why does any of this actually matter now the command and control botnet that was handling the DNS diversions has been dismantled and no longer exists, so that those infected computers cannot be pointed towards the nefarious sites? That's where the FBI comes in.
The botnet itself was uncovered after a co-ordinated attack on the malware infrastructure. Law enforcement authorities and service providers effectively reverse engineered the botnet and alerted customers whose machines were infected with the Trojan.
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.