Over 450,000 computers – including half of the Fortune 500 companies and over 50% of government entities – are still infected with the DNSChanger malware. Don’t be one of them!
As you’ve probably heard (or maybe even experienced) the DNSChanger is a Trojan horse that changes the DNS settings on computers and routers to send users to malicious sites, which then steal personal information and generate illegal ad revenue for the scammers (we’re exhausted just thinking about it). In November 2011, the FBI took over the botnet’s rogue servers and replaced them; however, on March 8th the FBI will be shutting down the servers they put up in replacement of the rogue ones.
On March 8th, any machine still infected with the malware will be unable to get on the Web, send emails, or do anything else online. Luckily, WhatsUp Gold can help!
Flow Monitor will detect if any devices are still infected on your network. You can build a group containing the IP addresses listed below, and then add an alert for DNS traffic to this group. If you are infected with the DNSChanger, you can then run a report for all infected devices.
Potentially Rogue DNS Servers
–184.108.40.206 – 220.127.116.11
–18.104.22.168 – 22.214.171.124
–126.96.36.199 – 188.8.131.52
–184.108.40.206 – 220.127.116.11
–18.104.22.168 – 22.214.171.124
–126.96.36.199 – 188.8.131.52
Take action before it’s too late – Find out if any of your devices are infected with your free 30-day trial of WhatsUp Gold!