
DNSChanger Fraud Ring Busted

Created: 10 Nov 2011 11:32:13 GMT • Updated: 23 Jan 2014 18:18:26 GMT
khaley's picture

Here’s a money-making idea: find some advertisers and tell them you can put their ads on billboards at half the going rate. You don't own any billboards? No problem, just go paste the ads over the ones on someone else's billboards.

This idea has not really caught on in the real world—it's impractical to run around town, climbing up poles, and plastering ads on someone else's billboard. You’re also limited to the billboards you can physically reach. Plus it's illegal.

The Internet is another story. There are no physical limitations, no climbing, and some people don't have an issue with doing illegal things, especially when they don't think they'll get caught. The good news is they do get caught, but we'll come back to that.

So what is the equivalent of a billboard on the Internet? A website. Getting people to visit a website and view ads on it is big business. This attracts cyber criminals who try to figure out how they can manipulate this aspect of the Internet for their own gain, and they can. They do it with something called DNSChanger.

What's DNSChanger? The FBI has information on it on their website. It's really nice to see a clear description of such a complicated fraud. Even nicer, the FBI just caught an international fraud ring responsible for compromising millions of computers with malware and defrauding Internet advertisers.

How much could a bad guy possibly make doing this? The ones the FBI just took down made at least 14 million dollars—big money. It took a large number of compromised computers to get all this money: four million computers in more than 100 countries. My bet is that most of those computers didn't have good security software, or didn't keep it up-to-date. That's pretty sad, because this makes life easy for the bad guys. The cyber criminals use malware like Zlob or Tidserv to get DNSChanger on a computer. We have multiple protection technologies that detect these threats, but you have to use the technology in order to be protected.

The FBI has provided some great information to help potential victims identify whether their computer has been subjected to the attack. Symantec can help too. If you feel you may have been compromised, even if you're not one of our customers, you can make use of Norton Power Eraser to further analyze and remove any malware on your computer. We can't rely solely on the FBI; we all need to do our part to stop these criminals.
