Facebook joins Google, ISPs in notifying DNSChanger victims

Facebook alerts owners of DNSChanger-infected computers that they need to take action before July 9

Facebook has started notifying victims of the DNSChanger malware who visit the social networking site that their computers will be cut off from the Internet on July 9, if they don't clean them until that time.

Facebook's DNSChanger alerts will include a link the DNSChanger Working Group's website, which contains more information about the malware and instructions on how to remove it.

"Earlier this year, Facebook joined the clean up effort by participating in [http://www.dcwg.org DNSChanger Working Group], which is comprised of computer security experts from the public, private, and academic sectors," the Facebook security team said in a blog post on Monday. "As a result of our work with the group, Facebook is now able to notify users likely infected with DNSChanger malware and direct them to instructions on how to clean their computer or networks."

DNSChanger is a family of Trojan programs that hijack Web search queries, display malicious advertisements and redirect users to fake websites. They do this by forcing infected computers to use DNS servers controlled by attackers.

DNS servers play a very important role on the Internet -- they translate domain names into numerical Internet Protocol (IP) addresses that computers use to communicate with each other. By default, most computers use DNS servers operated by their respective Internet service providers (ISPs) -- entities that are implicitly trusted with routing their connections.

The FBI shut down the DNSChanger operation in November 2011 following a two-year investigation and temporary replaced the rogue DNS servers with legitimate ones. The replacement servers are operated by a non-profit organization called the Internet Systems Consortium, which also operates one of the Internet's thirteen authoritative DNS root servers.

A judge initially signed off on this arrangement until March 8 in order to give ISPs sufficient time to identify and notify victims. However, the deadline was later extended by four months.

The replacement servers are now scheduled to be taken offline on July 9, after which time computers still infected with the DNSChanger malware will no longer be able to access the Internet.

The DNSChanger Working Group estimates that there are over 350,000 devices still infected with DNSChanger, out of the 4 million that were originally affected by the malware.

Facebook's decision to notify the owners of the remaining infected computers follows a similar decision by Google, which started alerting DNSChanger victims through its search pages on May 22.

Join the CSO newsletter!

Error: Please check your email address.

More about FacebookFBIGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts