Apr 26, 2012

What steps are you taking to address DNSChanger concerns?

Most of us have been aware of DNSChanger malware for quite a while, but apparently it has just entered the mainstream consciousness. I say this because we have been getting request after request to "check my computer for the DNS virus". All of the machines on our network are fine, but even when we tell people that, we get a lot of request to check the individual machine "to make sure". We don't have the time or people to make a personal visit to everyone just to pat them on the shoulder and tell them everything is fine. Now, I'm not saying there isn't valid concern about DNSChanger. In fact, I think it is a very clever bit of mischief. Bad, but clever. It's amazing to me how hard it is to get people to follow basic security practices, but when they see something on TV about their computer not working after July the freak-out begins. Maybe I just work at Paranoid, Inc., I don't know. Are other companies running into this, and if so, what steps are you taking to address concerns and stop spending excessive time on the issue?

Canada has an online tool that will check to see if a user's computer is infected by DNSChanger malware:


"The Canadian Internet Registration Authority (CIRA), in collaboration with Public Safety Canada and the Canadian Radio-television Telecommunications Commission (CRTC), has developed an online DNS Checker to screen users’ computers for the DNSChanger malware.

CIRA says the free online tool lets Canadian Internet users to detect if their computer is affected by the DNSChanger malware.

The DNSChanger Trojan horse could change the DNS server settings on infected computers and divert traffic to rogue servers. The malware was cross-platform, and was said to have affected millions of PC and Mac systems worldwide, over half a million of them in the U.S.

The FBI began working with several foreign governments on Operation Ghost Click, eventually arresting several alleged perpetrators."
Probably the easiest thing to do is send out a mass internal e-mail directing everyone to the website that tells users if their computer has a DNSChanger issue. It is super simple, they will see a nice comforting message on their screen, and will probably stop worrying about it. Also, it will let them know if by chance they do happen to have the malware installed. www.dcwg.org.
Answer this