DNSChanger server shutdown on Monday didn't cause a significant disruption, but the danger is not over yet, security experts say.
When the FBI on Monday shut down the temporary DNS servers keeping users infected with the DNSChanger Trojan online, only a tiny fraction of users still harbored the malware and some ISPs had established their own DNS backup servers for those stragglers.
All in all, the damage was minimal: just over 210,000 unique IP victims around the globe--a far cry from the initial headcount of millions of victims hit by the nasty malware--still remain infected with the malware, even after aggressive campaigns by many ISPs to alert users and offer them help to clean up their machines.
But the threat is far from over, security experts say.
Paul Vixie, chairman and founder of the Internet Security Consortium (ISC), which actually ran and managed the servers on behalf of the FBI operation, says by pulling the BandAid off slowly and keeping infected users from losing their DNS, ISPs are only masking the danger to victims. "The idea is to rip it [the BandAid] off" instead, he says.
Black Hat USA Las Vegas, the premiere conference on information security, features four days of deep technical training followed by two days of presentations from speakers discussing their latest research around a broad range of security topics. At Caesars Palace in Las Vegas, July 21-26. Register today.
Published: 2017-05-08 unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08 A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08 Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08 Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.