The DNS Changer virus did not give in to the FBI

03.02.12, 12:32, Msk
Text: Sergey Mazharov

Half of the companies on the Fortune 500 list, as well as half of US state institutions, are infected with the DNS Changer virus. Analysts said that this poses a serious danger to networks and data.

Half of the Fortune 500 and of the large public institutions of the USA were infected with the DNS Changer virus, which redirects users to fraudulent websites and puts the organizations at risk of information theft, the cybersecurity company Internet Identity stated.

In November 2011 the U.S. Department of Justice carried out an operation to take down the DNS Changer program, which at its peak was present on more than 4 million PCs running Windows and Mac OS. A quarter of these machines were located in the USA.

The arrest that followed, of six Estonians accused of creating the botnet, was the culmination of a two-year investigation, although some security researchers had been monitoring the botnet since 2006. As part of this operation the FBI seized more than 100 of the botnet's command-and-control servers, which were hosted in data centers in the USA.

But according to Internet Identity (IID), the companies in question may still have from one to several computers infected with DNS Changer. For its research IID used telemetry data from the monitoring of client networks, as well as third-party data.

IID experts consider that the infected machines can still create problems. "Initially DNS Changer caused concern because it could redirect you from a safe environment to an environment controlled by criminals," noted Rod Rasmussen, the director of IID technologies. "The FBI was able to correct the situation temporarily. Now what is disturbing is that the machines carrying the virus are one more weak point... In practice they have been left without any protection."

DNS Changer blocks software updates, that is, the patches that vendors release to fix defects, and also disables installed security software. Other specialists note that such computers have only several weeks before they are damaged.

As part of the operation, a US federal court approved a plan under which clean DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit organization that maintains the popular open-source BIND DNS project. Without this step the infected systems would have been cut off from the Internet when the FBI took down the fraudsters' DNS servers.

But ISC is authorized to operate the replacement DNS servers only for 120 days, or until the beginning of March 2012. "[ISC] will stop the [DNS] servers in March, and all who still use them will lose Internet access," Wolfgang Kandek, the executive technical director of Qualys, noted in the company's blog on February 2, 2012.

Qualys added a free checking tool, BrowserCheck, for detecting DNS Changer; it works on PCs running Windows. The main working group, the DNS Changer Working Group, created a website that will help users detect infected computers.