DNSChanger Contaminates PCs, Snaps Internet Access
A widely prevalent malware campaign that has dropped a Trojan in recent years is the DNSChanger campaign, which altered the Domain Name System (DNS) server settings of infected PCs so that traffic could be redirected to harmful servers, Cnet reported on January 23, 2012.
DNSChanger refers to a group of malware programs that change the network settings on computers running Apple's Mac OS X or Microsoft's Windows so that DNS queries meant for the servers of the end-user's ISP are diverted to the online crooks' servers instead. These malicious servers then issue fake replies so that end-users encounter PUPs (potentially unwanted programs). Security researchers have observed both the Trojan and the rogue DNS servers in active use since 2007.
Moreover, they drove the number of infected PCs up to 4m, including approximately 500,000 inside the USA. The criminals tampered with the local PC's DNS settings either to divert end-users to unintended websites or to put their own malverts in place of the actual page contents.
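Because the infection shows up as changed resolver settings, one host-side check is to compare the configured DNS servers against the resolvers the network is supposed to use. The sketch below is an added example, not code from the article or from any tool it mentions; the expected resolver ranges, the sample file and the function names are constructed assumptions, and the input is assumed to be in resolv.conf format.

```python
import ipaddress

# Assumption: the resolver networks this site actually uses (constructed values
# from documentation ranges; replace with your ISP's or your own resolvers).
EXPECTED_RESOLVERS = [
    ipaddress.ip_network(n)
    for n in ("192.0.2.0/28", "2001:db8:53::/64", "127.0.0.0/8")
]

# Constructed sample of a resolv.conf where one resolver entry has been swapped.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from a real host
search example.test
nameserver 192.0.2.5
nameserver 198.51.100.77   # not one of ours
nameserver 2001:db8:53::1
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in file order."""
    servers = []
    for raw in text.splitlines():
        # Drop '#' and ';' comments before looking at the fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Return (server, reason) for every resolver outside the expected networks."""
    findings = []
    for server in parse_nameservers(text):
        try:
            # Strip an IPv6 zone id such as %eth0 before parsing.
            addr = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            findings.append((server, "unparseable"))
            continue
        if not any(addr.version == net.version and addr in net for net in expected):
            findings.append((server, "unexpected"))
    return findings

if __name__ == "__main__":
    for server, reason in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{reason}: {server}")
```

An allowlist is used here because the article does not list the rogue server addresses; any resolver outside the expected set is reported for follow-up rather than judged malicious.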
The rogue DNS servers posed a hazard for innumerable end-users, who could not access the Internet except through those criminal servers. Local police together with the FBI confiscated 100 such servers and succeeded in bringing under control the botnet that struck in Chicago and New York.
During November 2011, the FBI, jointly with officials from Holland and Estonia and other global partners, carried out an operation that resulted in the arrest of many suspects and helped law enforcement authorities take control of the network that the criminals had earlier operated.
Indeed, 6 persons who carried out the attack, which earned them over $14m, were recently detained in Russia and Estonia under the FBI operation. The agency said that when owners of infected PCs clicked a web link to reach the iTunes site, for example, they were led not to the intended website but to one belonging to a business that was not affiliated with Apple Inc., although it posed as selling Apple products.
The FBI has shut down the operation and started a 2-yr investigation named "Operation Ghost Click."
» SPAMfighter News - 27-01-2012