6/28/2012
09:27 PM
Dark Reading

IID Reports 12 Percent of Fortune 500 Still Infected With DNSChanger Malware

New infographic shows need for collective intelligence to stop malware from causing millions of dollars in damage annually

TACOMA, Wash. – June 28, 2012 – IID (Internet Identity®), a provider of technology and services that help organizations secure their Internet presence, today announced that 12 percent of all Fortune 500 companies and four percent of “major” U.S. federal agencies are still infected with DNSChanger malware. The company also released an infographic detailing how DNSChanger has infiltrated Fortune 500 companies and major government organizations. Today’s findings come less than two weeks before the July 9 deadline that requires the FBI to take down the temporary servers that enable millions of computers and routers infected with DNSChanger to still reach their intended Internet destinations.

“DNSChanger is an insidious form of malware affecting everyone from the everyday consumer to a large chunk of the Fortune 500,” said IID CEO Lars Harvey. “By working together to pool collective intelligence on the latest security threats, enterprises can ensure DNS resolvers do not enable employees to visit Internet locations hosting malware like DNSChanger—protecting their customer confidence, revenue, intellectual property and much more. We look forward to working with enterprises to accomplish this.”

To illustrate just how pervasive and problematic DNSChanger has been since being discovered in late 2005, IID has designed the first infographic detailing this malware infection. In addition to a timeline of how DNSChanger has progressed and an illustration of the collective intelligence that has helped combat the malware, the infographic shows exactly how employees at Fortune 500 companies became infected and how the malware’s spread could have easily been stopped.

IID’s ActiveTrust Resolver solution is being used by some of the world’s largest companies to stop their employees and systems from ever being able to connect with Internet locations loaded with malware like DNSChanger—fundamentally acting as a DNS firewall. ActiveTrust Resolver leverages collective intelligence on Internet security events to prevent these connections. IID amasses this real-time intelligence on the latest Internet security threats through a network of customers that includes five of the six largest banks in the U.S., the largest government agencies worldwide, and many of today’s leading financial services firms, e-commerce, social networking and ISP companies along with partnerships with hundreds of global law enforcement, security vendors, security researchers, and customers.

Internet to go Dark, Disable A/V

Because infected computers and routers will have no servers directing their DNS requests after July 9, the Internet may literally go dark for people using those computers or routers. Another effect of DNSChanger: if an enterprise’s employee has the malware on their computer even before the temporary servers go down, that enterprise is susceptible to having their proprietary information stolen. That’s because DNSChanger disables Anti-Virus (A/V) and regular software updates, exposing victims to attacks from other virus families. This enables criminals to view any data, messages exchanged and more on a victim’s computer, depending on what the victims’ machines are infected with.

How IID Came To Findings

By utilizing its ActiveKnowledge Signals system and data from other leading security and Internet infrastructure organizations, IID found at least 58 of all Fortune 500 companies and two out of 55 major government entities had at least one computer or router that was infected with DNSChanger. IID had found in January 2012 that half of all Fortune 500 companies and U.S. federal agencies were infected with DNSChanger.

Along with several other organizations and companies who have teamed up to combat DNSChanger by forming the DNS Changer Working Group, IID is offering to help identify the IP addresses of machines infected by DNSChanger on any enterprise’s network for free. All an enterprise needs to do is send IID their Classless Inter-Domain Routing (CIDR) blocks and IID will let them know if they've got an infection. You can contact IID directly by emailing dnsfirewall@internetidentity.com.

About IID

IID (Internet Identity) offers products and services that combat and mitigate cyber attacks in order to protect the growth plans, assets, and customers of enterprises and government entities. Armed with collective intelligence about the latest Internet risks, IID secures the networks of five of the top six banks in the U.S., the largest government agencies worldwide, and many of today’s leading financial services firms, e-commerce companies, social networks and ISPs. IID’s 24-7 analysts, and partnerships with law enforcement, service providers and security experts around the world ensure the protection of its customers. The company is headquartered in Tacoma, Washington. More information can be found at www.internetidentity.com.

###

Andrew Goss | Program Director VOXUS PR for IID agoss@voxuspr.com o: 253.444.5446 m: 206.909.9212
