
Operation Ghost Click to turn DNS Changer C&Cs to the dark side.

Created: 27 Feb 2012 • Updated: 27 Feb 2012 | 1 comment

In the news: the FBI will be losing their court-granted hold over the DNS servers in March, and they are planning to make them “go dark”. Rather than changing their green lightsabers to red, this will cause any machine still looking to them for IPs to lose its internet connectivity.

Our detections for this threat are called Zlob and Tidserv. Tidserv can be very difficult to remove. If you discover a machine where we detected it but the log says we were not able to completely remove it, run the Norton version of Power Eraser so you can be sure to check all the accounts.

Symantec Security Response’s current recommendation:

Monitor your network for traffic to the bad DNS IPs, and use that to identify any infected clients we may have missed with SEP. If you can re-route traffic, you can re-route these machines to a legitimate DNS server. Regardless, we recommend taking our repair tool to each of these machines and using it to clean them.
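
One way to run the monitoring step above, as an added example that is not Symantec's tool or code from this post: it scans flow records for internal clients sending DNS traffic to rogue resolver ranges. The record format, the sample lines and the ranges (RFC 5737 documentation addresses used as placeholders) are assumptions; substitute the published rogue DNS ranges and your own log format.

```python
import ipaddress
from collections import defaultdict

# PLACEHOLDER ranges (RFC 5737 documentation space). Replace with the
# rogue DNS ranges published for DNSChanger; the post does not list them.
ROGUE_DNS_NETS = [ipaddress.ip_network(n) for n in
                  ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample flow records: "time src_ip dst_ip proto dst_port"
SAMPLE_LOG = """\
2012-02-27T09:00:01 10.1.4.23 192.0.2.53 udp 53
2012-02-27T09:00:02 10.1.4.40 10.1.0.10 udp 53
2012-02-27T09:00:05 10.1.4.23 198.51.100.7 tcp 53
2012-02-27T09:00:09 10.1.7.12 198.51.100.200 udp 53
2012-02-27T09:00:11 10.1.7.12 192.0.2.80 tcp 80
2012-02-27T09:00:12 malformed line
2012-02-27T09:00:15 10.1.9.5 192.0.2.53 udp 53
"""

def is_rogue(ip):
    """True if the address falls inside any configured rogue range."""
    return any(ip in net for net in ROGUE_DNS_NETS)

def find_suspect_clients(log_text):
    """Map each client IP to the set of rogue resolvers it sent DNS to."""
    suspects = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip records that do not match the assumed format
        _, src, dst, _proto, dport = fields
        if dport != "53":
            continue  # only DNS traffic (UDP or TCP) is of interest
        try:
            ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # unparseable address, ignore the record
        if is_rogue(dst_ip):
            suspects[src].add(dst)
    return dict(suspects)

if __name__ == "__main__":
    for client, resolvers in sorted(find_suspect_clients(SAMPLE_LOG).items()):
        print(f"{client} -> {', '.join(sorted(resolvers))}")
```

The clients it lists are the machines to clean with the repair tool and point back at a legitimate DNS server.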

Additional Reading:

DNSChanger Fraud Ring Busted

Comments


Thumbs UP!!

Regards,

Avkash K
