NEWS FROM THE LAB - Monday, March 5, 2012

Countdown to March 8th

Posted by Sean @ 19:40 GMT

This is the week! (No… that's not an "iPad 3" reference.)

Back in November, the F.B.I. shut down servers belonging to the DNSChanger botnet, operated by Rove Digital, which was based in Estonia. The Feds have been running substitute DNS servers since then, but their authority to do so expires on March 8, 2012.

And that means tens of thousands of compromised machines may be cut off from Internet services on Thursday.

Based on research by Merike Kaeo, it could even be hundreds of thousands.

DNS Changer Infections
DNS Changer NANOG54 Slides

Internet Service Providers in many countries have been working to reach affected customers for weeks, but there are still plenty who haven't yet heeded the call.

Don't be caught out. More information is available from these DNS configuration test pages:

  •  dns-ok.ax
  •  dns-ok.be
  •  dns-ok.ca
  •  dns-ok.de
  •  dns-ok.fi
  •  dns-ok.fr
  •  dns-ok.lu
  •  dns-ok.us

Update: Added some additional sites, courtesy of CERT-LEXSI.

Update: The U.S. District Court, Southern District of New York has granted the F.B.I. permission to host its substitute DNS servers for an additional 120 days — July 9th is the new deadline.

DNS Changer, July 9th

Update: Added dns-ok.ca to the list above. O Canada!