The largest internet cyber sting operation undertaken by the FBI was named Ghost Click. Since 2007, a cyber-crime group had deployed a special class of malware called DNSChanger. It is understood that the FBI arrested six Estonians accused of running a botnet that controlled more than 4 million computers in 100 countries. It is estimated that there were more than 500,000 infections in the U.S. alone, spread across computers belonging to individuals, businesses, and government agencies such as NASA.
The scheme worked by distributing malware that, when installed, changed the user's DNS settings to point to the crime ring's rogue DNS network. The malware ensured that the user visited the URL chosen by the cyber criminal. By changing the DNS settings of infected computers, the crooks redirected mouse clicks intended for site A to site B instead, and converted advertisements meant for service C into advertisements for service D. When a user on an infected computer clicked a link, the computer would query the criminals' nameserver, which would send it to the wrong computer.
Under a court order expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network. A separate DNS Changer Working Group has been formed to handle the situation and clean up the machines. This gives affected networks time to identify infected hosts and avoids sudden disruption of service to victim machines. It is understood that the effort to remove the DNSChanger malware from the millions of infected PCs has taken a lot longer than expected. The official announcement sets the date of closure of the rogue DNS network as July 9, 2012.
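
One way an affected network could look for infected hosts, shown as an added example that is not part of the original post: it flags configured resolvers and DNS flows that point into a list of rogue ranges. The ranges are documentation-space placeholders, and the function names, the resolv.conf-style input and the flow-log format are assumptions.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation space), NOT the real rogue ranges;
# replace them with the ranges published for the rogue DNS network.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

def is_rogue(addr):
    """True if addr parses as an IP address inside one of the rogue ranges."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # malformed input is never a match
    return any(ip in net for net in ROGUE_RANGES)

def rogue_resolvers(resolv_conf_text):
    """Host-side check: nameserver entries in resolv.conf-style text that are rogue."""
    hits = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver" and is_rogue(fields[1]):
            hits.append(fields[1])
    return hits

def infected_clients(flow_lines):
    """Network-side check: count DNS (port 53) flows per client to rogue servers.
    Each line is 'src_ip dst_ip dst_port' (a constructed, simplified format)."""
    clients = {}
    for line in flow_lines:
        parts = line.split()
        if len(parts) != 3 or parts[2] != "53":
            continue  # skip malformed records and non-DNS traffic
        src, dst = parts[0], parts[1]
        if is_rogue(dst):
            clients[src] = clients.get(src, 0) + 1
    return clients

# Constructed sample inputs
SAMPLE_RESOLV = "# generated by dhclient\nnameserver 192.0.2.53\nnameserver 10.0.0.1\n"
SAMPLE_FLOWS = [
    "10.0.0.21 192.0.2.53 53",
    "10.0.0.21 198.51.100.7 53",
    "10.0.0.34 10.0.0.1 53",        # legitimate internal resolver
    "10.0.0.40 198.51.100.200 53",  # outside the /25 placeholder range
    "10.0.0.55 192.0.2.53 443",     # not DNS
]

if __name__ == "__main__":
    print("rogue resolvers:", rogue_resolvers(SAMPLE_RESOLV))
    print("clients querying rogue DNS:", infected_clients(SAMPLE_FLOWS))
```

A host that appears in the network-side result is still sending its lookups to the rogue address space, so it is a candidate for cleanup before the replacement servers are switched off.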