The end of DNS-Changer

The FBI’s “Operation Ghost Click” was discussed earlier by my colleague Kurt [Link: http://www.securelist.com/en/blog/208193404/DNSChanger_Cleaning_Up_4_Million_Infected_Hosts] and [Link: http://www.securelist.com/en/blog/208193491/Update_to_DNSChanger_Cleaning_Up_4_Million_Infected_Hosts] and now it comes to an end. Next Monday, 9th of July, at 06:00 (MEZ) the temporary DNS servers set up by the FBI will be shut down. But there are still thousands of infected machines – one can wonder, what will happen to them?

DNSChanger – Cleaning Up 4 Million Infected Hosts

The internet is full of infected hosts. Let’s just make a conservative guesstimate that there are more than 40 million infected and malware-serving “hosts” connected to the internet at any one time, including traditional computing devices, network devices and smartphones. That’s a lot of resources churning out cybercrime, viruses, worms, exploits and spyware. There have been many suggestions about how to go about cleaning up the mess; the challenges are complex, and current cleanups are taking longer than expected.

Mass exploitation continues to be an ongoing effort for cybercriminals and a major problem – it’s partly a numbers game for them. Although exploiting and infecting millions of machines may attract law enforcement attention at some point, it’s a risk some are willing to take in pursuit of millions of dollars that could probably be better made elsewhere with the same effort. So take, for example, the current DNSChanger cleanup. Here is a traditional profit-motivated 4 million PC and Mac node malware case worked by the FBI, finishing with a successful set of arrests and a server takedown.

Malware in Lenovo

Some of you might have seen the blog post that our colleague Ryan Naraine has published at ZDNet about malware being distributed along with a pack of Lenovo ThinkPad drivers. Here are some more details on that story. Working together with fellow researchers at Microsoft, we discovered a URL that pointed…