Get your DNSChanger diagnosis today!

It was about 2 1/2 months ago that the FBI, in cooperation with other law enforcement agencies, took down the DNSChanger gang with Operation Ghost Click. You may recall that there was a court order put in place to keep the formerly malicious DNS resolvers used by the DNSChanger malware working so that nearly 5 million victims didn't immediately lose the ability to navigate the Internet. The idea was to buy time - the court order was for 120 days - to give network operators and their users a chance to clean their machines. That grace period expires on March 8, 2012.

We have been tracking the cleanup effort, which after an initial burst has slowed to a trickle. We also noticed in our conversations with enterprises that many CISOs and network security personnel were unaware of DNSChanger and the associated cleanup effort, despite all the initial publicity that surrounded the takedown of the operation. To get an idea of how widespread the ignorance of DNSChanger is, we recently took a look at how many Fortune 500 companies still have DNSChanger infections on their networks. And the answer is one-half! Fifty percent of Fortune 500 companies have some sort of DNSChanger infection (and maybe many infections) on their networks. (See our press release on the study.)

Why is this a problem? Well, for one thing, it suggests that half of all large enterprises have DNSChanger infections. And since DNSChanger was most often delivered by rootkit malware that would also deliver many other infections, it means that these enterprises likely have badly infected machines on their networks, which could lead to all kinds of trouble, maybe even with the SEC. See our PDF whitepaper on remediation for more details about the various malware infections associated with DNSChanger. The DNSChanger infection is a giant red warning light, and there is a 50% chance it is blinking for your enterprise.

Fortunately, enterprises and other network operators can easily determine if their networks have DNSChanger infections. Several organizations, including IID, have volunteered to help get the word out and will provide bona fide network operators with a diagnosis for free. These organizations are listed at the DNS Changer Working Group website.  Get your network checked for DNSChanger today!
