The tale of DNSChanger (2+ years in the making) has come to an end: the criminal malware that re-routed browser traffic in a profitable click-through scam had its last vestiges die on July 9th.
International law enforcement action, media sensationalism, good folks working behind the scenes, and an impacted global audience offer multiple lessons to us all.
Date | Event
--- | ---
November 10, 2011 | The FBI culminates the two-year “Operation Ghost Click” by pulling the plug on numerous DNS servers involved in the scam, estimating ½ million users affected.
December 1, 2011 | As the FBI and ISC (SANS Internet Storm Center) maintain ‘replacement DNS servers’ to support affected users, the count rises to 2.5 million.
Jan-March 2012 | 
March 6, 2012 | Although the shutdown was scheduled for March 5th, the ‘slow decrease in infected systems’ results in a federal judge extending operation of the DNS servers for 5 more months. Bloggers again worry about unreachability; calmer heads repeat that A/V updates and remediation methods will resolve the issues for a dwindling count of infected machines.
July 9, 2012 | The DNS servers are finally retired amidst a lagging fanfare of “the network is falling”… AND… on the 10th, NOTHING happens. The remediation work of competent network service providers, law enforcement, and security professionals ensures that the ‘best case scenario’ is the result and continuity is delivered.
Bottom Line:
- The nature of this scam is very old; executing it on a global stage is the new twist.
- The original crime: create false click-throughs, sold as search optimization to unwitting customers, and infect desktops throughout the world to deliver on the ‘lie’.
- The separation of ‘fears’ from ‘facts’ is essential to effective remediation of the threat and to return-to-service for those affected.
- The implications of falsifying DNS lookups on a global scale reaffirm our need to ensure that ‘utilities’ like DNS on a global network continue to point to true destinations.
The key issue:
- In this era, reaching Internet resources means trusting your ‘map’; ensuring your ‘map-makers’ are trustworthy is essential.
The upside:
- Responsible MSSPs can monitor and block the ‘false sources’, ensuring their customers are aware of attempts, are steered clear of risks, and travel the true roadways.
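As an added example (not code from the original post), a small Python audit of the kind an MSSP or network operator could run to find the ‘false sources’ and untrustworthy ‘map-makers’ described above: it flags configured resolvers that fall inside rogue DNS ranges and picks out internal hosts still sending DNS queries to them. The rogue ranges, resolv.conf content and firewall log lines are constructed placeholders; the real ranges are the ones law enforcement published for DNSChanger.

```python
import ipaddress
import re

# Placeholder RFC 5737 test blocks standing in for the published rogue ranges.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed resolv.conf-style content: one clean resolver, one rogue.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP
nameserver 192.0.2.53
nameserver 203.0.113.7
"""

# Constructed firewall log lines; only the first is DNS to a rogue range.
SAMPLE_FIREWALL_LOG = [
    "Jul  9 00:01:02 fw kernel: OUT SRC=10.0.0.5 DST=203.0.113.7 PROTO=UDP DPT=53",
    "Jul  9 00:01:03 fw kernel: OUT SRC=10.0.0.8 DST=192.0.2.53 PROTO=UDP DPT=53",
    "Jul  9 00:01:04 fw kernel: OUT SRC=10.0.0.5 DST=198.51.100.9 PROTO=TCP DPT=443",
]
LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=\w+ DPT=(\d+)")

def is_rogue(addr):
    return any(addr in net for net in ROGUE_RESOLVER_RANGES)

def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                pass  # skip a malformed entry rather than abort the audit
    return servers

def rogue_resolvers(text):
    """Configured nameservers that point into a rogue range, as strings."""
    return [str(s) for s in parse_resolv_conf(text) if is_rogue(s)]

def infected_hosts(log_lines):
    """Internal hosts that sent DNS (port 53) traffic to a rogue range."""
    hosts = set()
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m.group(3) == "53" and is_rogue(ipaddress.ip_address(m.group(2))):
            hosts.add(m.group(1))
    return hosts
```

Hosts returned by `infected_hosts` are the ones still needing remediation; a non-empty `rogue_resolvers` result on an endpoint means its ‘map’ is pointing at a false source.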