DNSChanger Malware Attack Called Widespread
Credit unions finding themselves infected with a dangerous piece of malware known as the DNSChanger are hardly alone.
Despite an FBI takedown of the criminal network believed to be behind the malware, at least half of all Fortune 500 companies and 27 of 55 major federal agencies had at least one computer or router infected with it last month, according to a new report.
Internet Identity, a security firm based in Tacoma, Wash., said it determined that number based on its own internal systems and data from other major security and Internet infrastructure organizations.
The DNSChanger malware changes the domain name system (DNS) settings on a computer, allowing rogue servers to redirect legitimate searches and URLs. It also disables antivirus and other software updates, exposing the systems to other virus attacks that include the ability to view any data, messages exchanged and other information on a computer.
The threat remains despite November’s arrest of six Estonian nationals and the seizure of computer systems believed responsible for manipulating millions of infected computers with the DNSChanger malware, IID said.
“Initially, DNSChanger was so worrisome because it could redirect you from a safe Web location to a dangerous one controlled by cyber criminals,” said IID President/CTO Rod Rasmussen. “However, the FBI temporarily fixed that. Now the big worry is that machines that are still infected face a second vulnerability – they are left with little if any security.”
Members of the DNSChanger Working Group are offering free information on how to find out if the DNSChanger is on a network.