The Federal Bureau of Investigation (FBI) will unplug on March 8 the Domain Name System servers it set up to replace rogue DNS servers that sent victims to malicious sites.
A report on Infoworld said the removal of this temporary fix may affect "a substantial number" of users, as half of Fortune 500 companies and government agencies are infected with the malware.
But it also cited an article by Krebs on Security hintig the FBI's DNSChanger Working Group is "weighing its options," including requesting a court order to extend the March 8 deadline.
Last November, the FBI took down the DNSChanger botnet network, which a cyber criminal gang used to redirect Internet traffic to fake websites that served ads.
But to prevent Internet traffic from being disrupted and to trace the DNSChanger traffic, the FBI replaced the criminals' servers with clean ones that would push along traffic to its intended destination.
"Without the surrogate servers in place, infected PCs would have continued trying to send requests to aimed at the now-unplugged rogue servers, resulting in DNS errors," Infoworld said.
On March 8, when the FBI's server network is unplugged, computers infected with DNSChanger cannot access the Internet anymore, since the malware still in the machines will send requests to servers that are effectively offline.
Slow cleanup
Infoworld quoted security company IID (Internet Identity) as saying the cleanup has been slow.
It said IID claims at least 250 of Fortune 500 companies and 27 out of 55 major government entities had at least one computer or router infected with DNSChanger in early 2012.
But Infoworld said companies and users need to clean their systems soonest.
Another drawback to keeping the surrogate network online is that it requires taxpayers' money, it said.
"Given the uncertainty of what the feds will decide, organizations and home users alike would be well served to tackle the problem now, whether than playing the ever-risky waiting game," it said. — TJD, GMA News
No comments:
Post a Comment