Barring an extension from the FBI, those systems still infected with DNSChanger will cease receiving DNS services from the ISC controlled name servers on this date. In other words, they will not be able to properly access internet resources. This gives information security professionals less than two weeks to detect, locate and remediate any systems on their networks that are still infected. The DNSChanger Working Group (DCWG) estimates there are still approximately 450,000 systems still infected as of January 28, 2012. Other statistics show that DNSChanger may be present in half of the Fortune 500 companies as well as at least 27 government organizations.[4,5,6] In early February 2012 Internet Identity disclosed there were 3 million systems still infected globally.[5,6] This is a relatively small number of systems when compared to other virus outbreaks. Regardless it represents a challenge to security professionals. This can be a substantial undertaking for large enterprises. The nature of DNSChanger was to redirect infected systems to malicious destinations. Many of these sites in turn installed additional malware. By finding a DNSChanger infected system you will be finding a system that has additional infections. This should justify the need for a thorough sweep for DNSChanger infections. Luckily there are many resources available to detect and remediate DNSChanger infections. The easiest way is to utilize a network monitoring tool to isolate DNS traffic to the ISC operated DNS resolvers.
188.8.131.52/20 (184.108.40.206 through 220.127.116.11)
18.104.22.168/21 (22.214.171.124 through 126.96.36.199)
188.8.131.52/24 (184.108.40.206 through 220.127.116.11)
18.104.22.168/20 (22.214.171.124 through 126.96.36.199)
188.8.131.52/20 (184.108.40.206 through 220.127.116.11)
LINK TO OUR HOME PAGE :