SOURCE: Internet Identity

February 02, 2012 10:37 ET

IID Reports Half of Fortune 500 and Major U.S. Government Agencies Infected With DNSChanger Malware

Despite FBI Takedown of Criminal Network Behind DNSChanger, Organizations Still at Risk

TACOMA, WA--(Marketwire - Feb 2, 2012) - IID (Internet Identity), a provider of technology and services that help organizations secure their Internet presence, today announced half of all Fortune 500 companies and what it considers "major" U.S. federal agencies are infected with DNSChanger malicious software (malware). By utilizing its ActiveKnowledge Signals system and data from other leading security and Internet infrastructure organizations, IID found at least 250 of all Fortune 500 companies and 27 out of 55 major government entities had at least one computer or router that was infected with DNSChanger in early 2012.

If an employee's computer has DNSChanger on it, the enterprise is susceptible to having its proprietary information stolen. That's because DNSChanger disables Anti-Virus (A/V) and regular software updates, exposing victims to attacks from other virus families. This enables criminals to view any data, messages exchanged and more on a victim's computer, depending on what else the victim's machine is infected with.

"Initially, DNSChanger was so worrisome because it could redirect you from a safe web location to a dangerous one controlled by cyber criminals," said IID president and CTO Rod Rasmussen. "However, the FBI temporarily fixed that. Now the big worry is that machines that are still infected face a second vulnerability -- they are left with little if any security."

DNSChanger malware actively changes the infected system's domain name system (DNS) resolution settings to use rogue servers that redirect legitimate searches and URLs to malicious websites that attempt to steal personal information and generate illegitimate ad revenue for a network of cybercriminals. In November 2011, the FBI -- working in concert with NASA, the Estonian police, and several private sector firms and security researchers -- put a major dent in the DNSChanger operation with Operation Ghost Click. This operation culminated with the arrest of six Estonian nationals who are accused of manipulating millions of infected computers via DNSChanger. Along with the arrests, a number of computer systems were seized that the FBI says were being used as rogue DNS servers. But instead of just being shut down, they have been temporarily replaced with legitimate servers for 120 days.

Barring further court actions, on March 8, 2012, when those 120 days pass and the legitimate servers are taken down, millions of people may not be able to reach their intended Internet destinations. Because infected computers and routers will have no servers directing their DNS requests, the Internet may literally go dark for people using those computers or routers.

IID Joins Industry Allies to Lend a Helping Hand
Along with several other organizations and companies that have teamed up to combat DNSChanger by forming the DNS Changer Working Group, IID is offering to help identify the IP addresses of machines infected by DNSChanger on any enterprise's network for free. All an enterprise needs to do is send IID its Classless Inter-Domain Routing (CIDR) blocks and IID will let it know if it has an infection. IID can identify malware infestations like DNSChanger with its ActiveKnowledge Signals service, which externally detects and diagnoses malicious or potentially dangerous activities occurring on an enterprise's network via the indicators these activities give off when communicating on the Internet. It does this by correlating intelligence gathered directly and via a wide network of security industry partners. ActiveKnowledge Signals provides enterprises with timely, actionable alerts about threatening or potentially dangerous activities occurring on internal, external and partner networks.

To see if DNSChanger is on your network, you can take advantage of free information from one of several organizations contributing to the effort to clean up infected machines before time runs out. An up-to-date list of organizations you can contact to get this information can be found at the DNS Changer Working Group website: If you run an enterprise network, you can also contact IID directly by going to

About IID
IID (Internet Identity) has been providing technology and services that secure the Internet presence for an organization and its extended enterprise since the company was founded in 1996. It recently introduced a number of unique approaches to secure organizations' use of Internet infrastructure with ActiveTrust® BGP, ActiveTrust DNS, and ActiveTrust Resolver with TrapTrace. IID also provides anti-phishing, malicious software (malware) and brand security solutions for five of the top six banks in the U.S., many of today's leading financial services firms, e-commerce, social networking and ISP companies, and more. Through its extensive data, and deep relationships with law enforcement, service providers and security experts around the world, IID delivers unrivaled ways to keep the Internet safe and trusted for businesses. IID is headquartered in Tacoma, Washington. More information can be found at

Contact Information

  • Contact:
    Andrew Goss
    VOXUS Inc. (for IID)