Efforts to eliminate a high-profile Trojan may cause some Internet users to lose connectivity on Monday. And, getting systems back up and running may be far more difficult than the preventative measures themselves.
The Federal Bureau of Investigation will be shutting down servers used by operators leveraging the DNSChanger Trojan, and when that happens, people with infected systems will lose access to the Internet, according to Dave Marcus, director of advanced research and threat intelligence at McAfee Labs.
“A DNSChanger Trojan literally changes the infected computer's DNS settings,” explained Marcus. “When a user opens up a browser and enters a web address, good DNS settings will take you to the proper website. But if you've got malicious DNS settings, the criminal can point you to whatever server they want. So it can be used in a lot of nasty and malicious ways. The FBI has taken control of a lot of these malicious servers, and on July 9th, they are going to shut down all of these servers. That means if you open up your browser and you are infected with this malware, you won't be able to get to the Internet because it won't be able to resolve your DNS to the correct addresses or anything else.”
That means users would lose not only web and email access but also connectivity to the online resources that could restore their service without on-premises support.
And, it’s likely that a number of large organizations could be adversely affected.
“This is an important opportunity for channel partners to reach out to their customers and resolve potential problems before they occur,” said Marcus. “It’s also a good idea to update their security software and run a full system scan.”
A number of vendors, including McAfee, are offering free online testing resources.
“Ours is at this website,” said Marcus, referring to McAfee's free online test. “You click the button on the website and it will let you know if your DNS settings are good or bad. If your DNS settings are bad, it will tell you what you need to do in order to resolve the problem. It's a very simple solution.” Marcus added that the test literally ensures that the user’s DNS settings route them to the correct server.
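A local version of the kind of check described above, as an added example that is not McAfee's test or code from this article: it parses resolv.conf-style text and flags any configured nameserver that falls inside a list of rogue resolver ranges. The ranges and the sample input are constructed placeholders taken from documentation address space, and the function names are hypothetical; real ranges must come from an authoritative published list.

```python
import ipaddress

# PLACEHOLDER ranges from documentation address space (RFC 5737 / RFC 3849).
# They are not real indicators; substitute the published rogue-resolver ranges.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/25", "2001:db8:bad::/48")]

def parse_nameservers(resolv_conf_text):
    """Return (valid_addresses, malformed_entries) from resolv.conf-style text."""
    servers, malformed = [], []
    for raw in resolv_conf_text.splitlines():
        # Strip '#' and ';' comments, then look only at 'nameserver' lines.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            malformed.append(fields[1])  # unparseable entries deserve a look too
    return servers, malformed

def audit_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Classify each configured resolver as flagged, clean, or malformed."""
    servers, malformed = parse_nameservers(resolv_conf_text)
    result = {"flagged": [], "clean": [], "malformed": malformed}
    for ip in servers:
        hit = any(ip.version == net.version and ip in net for net in rogue_ranges)
        result["flagged" if hit else "clean"].append(str(ip))
    return result

# Constructed sample input, not taken from a real system.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
nameserver 198.51.100.200   ; just outside the placeholder /25
nameserver 2001:db8:bad::1
nameserver 10.0.0.1
nameserver not-an-ip
search example.test
"""

if __name__ == "__main__":
    for status, entries in audit_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{status}: {', '.join(entries) or '-'}")
```

A host that uses its router as its resolver passes this check even if the router's own upstream DNS settings were altered, so the router configuration needs the same comparison.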
PUBLISHED JULY 6, 2012