
FBI Takes Out $14M DNS Malware Operation

Posted by samzenpus
from the take-em-down dept.
coondoggie writes "U.S. law enforcement today said it had smashed what it called a massive, sophisticated Internet fraud scheme that injected malware in more than four million computers in over 100 countries while generating $14 million in illegitimate income. Of the computers infected with malware, at least 500,000 were in the United States, including computers belonging to U.S. government agencies, such as NASA."
  • Last Post (Score:3, Funny)

    by Anonymous Coward on Wednesday November 09, 2011 @06:39PM (#38005868)

    Posted from one of the bots.

    • Congratulations! The Botnet operators thought $3.50 (for them) was worth more than (probability you noticed a problem) * (all the effort and money it would take you to fix it.) Of course, if you're a typical botnet zombie host, the effort and cost were $0, plus a bit extra because your PC is running slower, but hey, you had lots of bogomips to spare.

      • Don't you have to be running Linux to have BogoMIPS?

        Wouldn't these machines likely be running a different operating system?

        Cheers

        • by ewanm89 (1052822)
          Well, as BogoMIPS is a benchmark of processor cycles then yes and no, one still has those cycles on any OS. They just would only get measured in that specific unit if on Linux.
          • by EETech1 (1179269)

            Well wouldn't ya know it...
            djwong.org/programs/bogomips/
            Someone did a Windows port!

            I stand corrected, my joke was not funny, or technically correct.

            Cheers!

        • BogoMIPS is a measure of hardware performance. True, it's a benchmark mainly used by Linux, as opposed to WinBench or FPS-with-some-game, but that doesn't matter; we're not talking about the botnets exploiting a bug in the benchmarking program to get it to do work for them :-) But they're the current benchmark; I've also used machines during the years when we benchmarked in SPECints, in Dhrystones and Whetstones, and in MIPS, and before that (since "1 MIPS" was canonically the speed of a VAX 11/780, and

  • by bazmail (764941) on Wednesday November 09, 2011 @06:43PM (#38005900)
    Sometimes you just gotta hand it to 'em
  • by agm (467017) on Wednesday November 09, 2011 @06:45PM (#38005922)

    It would be interesting to see the breakdown of the operating systems the infected computers were running.

    • I don't think I'd be surprised at the results.

    • by Jeng (926980)

      Why do you say it would be interesting?

      The answer is such a given that your question is actually rhetorical.

      • by Baloroth (2370816)
        Link looks bad, I know. [dnschanger.com] (pretty sure it's clean) That is an advisory for the malware in question (DNSChanger) affecting Mac OS X.... so no, it isn't rhetorical. The time of Windows being the only possible infected system is past. Probably thanks to Apple's meteoric rise in popularity.
    • by Baloroth (2370816) on Wednesday November 09, 2011 @06:57PM (#38006044)
      The FBI info PDF on the malware ( DNSChanger [fbi.gov]) lists instructions for checking OS X to see if you're infected. It also mentions the malware changes router settings if they are still at defaults. I'm guessing it infects Windows and Mac, with Linux/FreeBSD/Hurd being unaffected as per usual.
      • by Wolfrider (856)

        --All of my browsing goes through a Linux-based Squid proxy with its own DNS settings, so I'm not really worried. Check it out, it's free:

        http://communities.vmware.com/message/1828477#1828477 [vmware.com]

    • This doesn't have to be an OS thing. Look into MiM and MitB and you'll see that it is now browser based.
    • It would be interesting to see the breakdown of the operating systems the infected computers were running.

      Ah, we're all about socializing the externalities for the corporations these days. How much of this bill do you think Microsoft will pick up? How about 'none' so they have no real incentive to secure their products?

      Heck, it justifies a larger FBI, so they'll probably give them a metal for being so cooperative.

      • by Anonymous Coward

        they'll probably give them a metal for being so cooperative.

        I'd like to give Microsoft a small amount of lead, not very much, but I'd like to do it as fast as possible. About 680 MPH fast. ;)

  • by ackthpt (218170) on Wednesday November 09, 2011 @06:57PM (#38006042) Homepage Journal

    That's like claiming the interception of one bale of weed at the Mexican Border is a Major Interdiction.

    Still, glad they're doing something. Every little bit helps.

  • by Compaqt (1758360) on Wednesday November 09, 2011 @07:01PM (#38006098) Homepage

    The FBI managed to stop MAFIAA from passing PROTECT-IP?

  • Oh wait, so it's not about Skype?

  • by Arrogant-Bastard (141720) on Wednesday November 09, 2011 @08:14PM (#38006872)
    ...because there are now 4 million pre-compromised systems in the field. It's a certainty that they are now all attractive targets for anyone clever enough to detect them and acquire control of them. I think chances are quite good that as you're reading this, more than one person/group is attempting that very thing. They'll probably succeed. And when they do, they'll use yet another C&C mechanism to organize them, harness them, and get on to whatever mischief they choose.

    Seen in that context, this announcement is just a PR exercise. It has no real significance.
    • by plover (150551) *

      Reading Krebs' article on the topic, the FBI has partnered with ISC to help plan a substitute DNS to stand in for the people whose computers are infected, to notify the ISPs, and to devise a plan to help get their computers cleaned up. The bigger problem is it's a boot sector infection that they don't yet appear to have a way of safely removing.

      Personally, I'd rather disenfranchise them. ISC could stand up a substitute DNS server to resolve every address to a redirector site that sends them to a page on fb

  • by DrProton (79239) on Wednesday November 09, 2011 @09:59PM (#38007880)

    This is good on Lion and Snow Leopard AFAIK: networksetup -getdnsservers Ethernet Wi-Fi

    This command has extensive help: networksetup -help

    I use networksetup every day. I have numerous makefile targets that change my network settings based on my location. I'm a road warrior changing networks frequently and using a VPN and ssh to connect to the corporate network.
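    Building on DrProton's networksetup -getdnsservers check and Baloroth's note that the FBI PDF describes how to verify your resolvers, here is an added shell example (written for this page, not by any commenter and not the FBI's own checker) that parses resolver output of that shape and flags any server falling inside a configured list of suspect prefixes. The page does not list the rogue-resolver ranges, so the prefixes below are RFC 5737 documentation ranges used as placeholders, and the sample output is constructed.

```shell
#!/bin/sh
# Constructed sample standing in for `networksetup -getdnsservers <service>`
# output (one resolver per line). On a Mac you would capture the real
# command's output instead; on other systems, the nameserver lines from
# /etc/resolv.conf can be fed in the same way.
SAMPLE_DNS_OUTPUT='192.0.2.53
198.51.100.1'

# Placeholder prefixes (RFC 5737 documentation ranges) to treat as suspect.
# Replace with the rogue-resolver ranges from the official advisory; they
# are not reproduced on this page.
SUSPECT_CIDRS='192.0.2.0/24 203.0.113.0/24'

# Convert a dotted-quad IPv4 address to an unsigned 32-bit integer.
ip_to_int() {
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed (status 0) if address $1 lies inside CIDR block $2 (a.b.c.d/n).
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Report every resolver in $1 that falls in a suspect prefix. Returns 0 when
# the list looks clean and 1 when at least one suspect resolver was found.
# Words that are not dotted-quad addresses (e.g. networksetup's sentence
# when no servers are set manually) are skipped.
check_resolvers() {
    found=0
    for server in $1; do
        case "$server" in *[!0-9.]*|"") continue ;; esac
        for cidr in $SUSPECT_CIDRS; do
            if in_cidr "$server" "$cidr"; then
                echo "suspect resolver: $server (in $cidr)"
                found=1
            fi
        done
    done
    return $found
}

if check_resolvers "$SAMPLE_DNS_OUTPUT"; then
    echo "resolver list looks clean"
else
    echo "resolver list needs attention: verify DNS and router settings"
fi
```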

  • "U.S. law enforcement today said it had smashed what it called a massive, sophisticated Internet fraud scheme that injected malware in more than four million computers in over 100 countries while generating $14 million in illegitimate income. Of the computers infected with malware, at least 500,000 were in the United States, including computers belonging to U.S. government agencies, such as NASA".

    Did any of these malware-infested 'computers' run Microsoft Windows?
  • FBI code named Magic Lantern (botnet) eeek!

  • DNS Abuse Resistance Education and MacRuff, the Router Crime Dog.
  • Finally doing some good in the world, keep it up, feels good to the rest of us.

  • Interfering in the free market.
