Hello readers,
It's difficult to juggle academics, extracurriculars, social life, learning new things and still find time to write articles for my blog. I got some nice advice today from one of the senior members on a hackers' forum. From now on I'll be doing my best to keep this blog updated. So do check it out!
This is an article I wrote for our college magazine, which will be published tomorrow. There was a word limit and it's intended for a general audience. Here we go...
These warnings were splashed across the internet, Facebook, Google and newspapers: 'You may lose your access to the internet on the 9th of July.' The reason behind it: the FBI was about to take down around 100 rogue DNS servers that had infected over 4 million computers in over 100 countries. 'Operation Ghost Click', as it was codenamed, is considered one of the biggest cybercrime takedowns in history.
In 2007, a group of Estonian and Russian hackers released this DNS hijacking malware. The 'DNSChanger' malware made its way onto users' computers by tricking them into downloading a video codec (a piece of software required to play a video format) when they visited certain websites. The malware would then change the DNS server entries on the infected computer to point to rogue DNS servers set up by the attackers. Because every website lookup now went through the attackers' servers, they could answer lookups for certain websites with the addresses of advertising pages instead, pulling in a whopping $14 million for the malware's creators through fraudulent advertising. The malware also prevented any installed antivirus from receiving security updates. Within four years of its spread around the world, its botnet (zombie network) grew to a few million machines, a large part of them in the USA.
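The mechanism described above is why the clean-up effort asked people to check which DNS servers their machines were actually configured to use. As an added illustration that is not part of the original article, here is a small Python check in that spirit: it reads resolver settings in the Unix /etc/resolv.conf format and flags any resolver that falls inside a list of rogue address ranges. The ranges and the sample configuration are constructed for the example (documentation prefixes from RFC 5737); the real DNSChanger ranges are not given on this page, and the same idea applies to the DNS settings of any operating system.

```python
import ipaddress

# Constructed placeholder rogue-resolver ranges (RFC 5737 documentation
# prefixes). A real check would load the published list for the campaign.
ROGUE_DNS_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed sample resolv.conf: one legitimate resolver (the home router on
# a private address) and one pointing into a placeholder rogue range.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client
search home.lan
nameserver 192.168.1.1
nameserver 192.0.2.53
options timeout:2
"""


def parse_nameservers(resolv_conf_text):
    """Return the resolver IPs listed in resolv.conf-style text.

    Comments, blank lines, non-nameserver directives and malformed
    addresses are skipped rather than crashing the check.
    """
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if parts[0] != "nameserver" or len(parts) < 2:
            continue
        try:
            servers.append(ipaddress.ip_address(parts[1]))
        except ValueError:
            continue  # not a valid IPv4/IPv6 address; ignore it
    return servers


def flag_rogue_resolvers(servers, rogue_ranges=ROGUE_DNS_RANGES):
    """Return the resolvers that fall inside any known rogue range."""
    return [ip for ip in servers if any(ip in net for net in rogue_ranges)]


def check_resolv_conf(text, rogue_ranges=ROGUE_DNS_RANGES):
    """Parse the configuration and return flagged resolvers as strings."""
    servers = parse_nameservers(text)
    return [str(ip) for ip in flag_rogue_resolvers(servers, rogue_ranges)]


if __name__ == "__main__":
    hits = check_resolv_conf(SAMPLE_RESOLV_CONF)
    if hits:
        print("Resolvers inside a known rogue range:", ", ".join(hits))
    else:
        print("No configured resolver falls inside a known rogue range.")
```

On the constructed sample the check reports the single resolver in the placeholder rogue range; a clean machine produces an empty list. Matching on address ranges rather than exact addresses matters because the rogue servers were spread across whole blocks of addresses, not a single IP.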
On 9 Nov 2011, the FBI and the US authorities began 'Operation Ghost Click' to take down this multi-million dollar cybercrime racket. Six Estonian nationals and one Russian national connected to DNSChanger were charged and arrested, and the FBI seized the DNS servers connected to the malware. The plan was to take the rogue DNS servers down immediately, but this would have left millions of infected users without a way to connect to the internet. Hence the court ordered the Internet Systems Consortium (ISC) to operate replacement DNS servers and to prompt infected users about the presence of the malware. The deadline of this court order was extended to 9th July 2012 because of concern that there were still many infected computers across the world. During this period, the FBI ran an extensive media campaign to warn users about the DNSChanger malware and that they might lose access to the internet on 9th July.
The impact of the shutdown is considered minimal, thanks to the informational campaign surrounding the malware, ISPs providing temporary DNS servers to affected customers, antivirus companies doing their best, and Facebook and Google showing notifications to visitors who were affected by the malware. The number of infections still present is estimated to have dropped to some tens of thousands. A website, http://www.dcwg.org, has been set up to provide information and help people scan for and remove the malware from their machines.
While the damage done by DNSChanger is much under control now, many botnets consisting of thousands of zombies still exist in the world. At worst, sophisticated attacks against government and military systems can be launched from these infected computers, which may create trouble for the end user whose machine is used. It won't hurt to follow simple security practices to combat the ever-growing hackers' underground.