DNSChanger server shutdown on Monday didn't cause a significant disruption, but the danger is not over yet, security experts say.
When the FBI on Monday shut down the temporary DNS servers keeping users infected with the DNSChanger Trojan online, only a tiny fraction of users still harbored the malware and some ISPs had established their own DNS backup servers for those stragglers.
All in all, the damage was minimal: just over 210,000 unique IP victims around the globe--a far cry from the initial headcount of millions of victims hit by the nasty malware--still remain infected with the malware, even after aggressive campaigns by many ISPs to alert users and offer them help to clean up their machines.
But the threat is far from over, security experts say.
Paul Vixie, chairman and founder of the Internet Security Consortium (ISC), which actually ran and managed the servers on behalf of the FBI operation, says by pulling the BandAid off slowly and keeping infected users from losing their DNS, ISPs are only masking the danger to victims. "The idea is to rip it [the BandAid] off" instead, he says.
Black Hat USA Las Vegas, the premiere conference on information security, features four days of deep technical training followed by two days of presentations from speakers discussing their latest research around a broad range of security topics. At Caesars Palace in Las Vegas, July 21-26. Register today.
Published: 2015-07-06 Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.
Published: 2015-07-06 The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, ...
Published: 2015-07-06 Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block.
Published: 2015-07-06 Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title.
Published: 2015-07-06 Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.