• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Botnets   »   We Survived Internet Doomsday

We Survived Internet Doomsday

  • Posted on:July 10, 2012 at 10:04 am
  • Posted in:Botnets, Malware
  • Author:
    Feike Hacquebord (Senior Threat Researcher)
0

Last Monday, July 9, around 300,000 Internet users lost connectivity because they still had not removed their DNS Changer malware infection. Immediately after the take down of the DNS Changer network infrastructure of Rove Digital on November 8, 2011, the FBI set up clean DNS servers for infected victims. These servers were temporary solutions for the victims who had three months (which was later extended to six months) to clean their infected machines.

Actually, a major blackout for hundreds of thousands of DNS Changer victims happened before: in fall 2008 when webhosting provider Atrivo went dark. Back then, Rove Digital had most of its computer servers running in the datacenter of Atrivo. In 2008, Atrivo’s going dark resulted in more than half of the rogue DNS servers going down for several days. So during those days, most DNS Changer victims could not use the Internet either.  However soon after, Pilosoft, a webhosting company in New York, came to rescue the criminal operation of Rove Digital. Most of the DNS Changer infrastructure moved to the Pilosoft datacenter. This is just one of the details of the Rove Digital takedown we described in our white paper, which can be downloaded here: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_rove_digital_takedown.pdf

Some media outlets dubbed July 9, 2012 as Internet doomsday. July 9 has passed and it looks like that doomsday prediction did not come true, just like any other doomsday announced by mortals happens to be a non-event.

However, let me point out that although doomsday did not have massive repercussions, this doesn’t say that there was no damage done.

300,000 computers (others estimate it at about 500,000) going offline worldwide may not have any measurable effect, but loss of productivity and computer repair costs are real concerns. This might even translate to millions of dollars. Let me be clear, though: Rove Digital is responsible for this damage, not the FBI, nor any other party. Since the victims are spread all over the world, we do not expect to hear complaints. Moreover, a lot of the large ISPs in the US and Canada have carefully prepared for this Internet doomsday. Some of these ISPs have been very successful with cleaning up machines of infected customers, often with help of the DNS Changer Working Group (DCWG). Trend Micro is one of the first industry partners of DCWG, and the only AV vendor acting as a main contributor during the investigation period before the Rove Digital suspects were arrested in 2011. Later, companies like Google and Facebook joined. On a scale never seen before, both companies showed warning messages to their users who were infected with the DNS Changer malware.

All the great work of DCWG helped to reduce the number of infections a lot, but the last 300,000 – 500,000 infected users somehow cannot be reached by Facebook, Google, and mainstream media around the world. This remains somewhat a mystery to me.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: atrivoDNS Changerinternet doomsdayjuly 9rove digital

Featured Stories

  • systemd Vulnerability Leads to Denial of Service on Linux
  • qkG Filecoder: Self-Replicating, Document-Encrypting Ransomware
  • Mitigating CVE-2017-5689, an Intel Management Engine Vulnerability
  • A Closer Look at North Korea’s Internet
  • From Cybercrime to Cyberpropaganda

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Monero-Mining RETADUP Worm Goes Polymorphic, Gets an AutoHotKey Variant
  • XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
  • XTRAT and DUNIHI Backdoors Bundled with Adwind in Spam Mails
  • Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
  • Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware

Popular Posts

  • New MacOS Backdoor Linked to OceanLotus Found
  • Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure
  • ChessMaster Adds Updated Tools to Its Arsenal
  • Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
  • Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.