WhatsUp Gold: Daily Network Monitor Blog

Network Monitoring News

Posts Tagged ‘ dnschanger trojan ’

By Lauren Smith

As you probably know, anyone infected with the DNSChanger malware was supposed to lose internet today. The DNSChanger malware is a Trojan horse that changes the DNS settings on computers and routers to send users to malicious sites, which then steal personal information and generate illegal ad revenue for the scammers. In November 2011, the FBI took over the botnet’s rogue servers and replaced them and planned to shut down the servers they put up in replacement of the rogue ones today, March 8th.

However, companies and individuals infected with the Trojan have been given 120 more days (until July 9th)  to clean up their PCs or they will lose internet access.  Do you know if you’re infected or not? WhatsUp Gold can help.

Flow Monitor will detect if any devices are still infected on your network. You can build a group containing the IP addresses listed below, and then add an alert for DNS traffic to this group. If you are infected with the DNSChanger, you can then run a report for all infected devices.

Potentially Rogue DNS Servers 

  • 85.255.112.0 – 85.255.127.255
  • 67.210.0.0 – 67.210.15.255
  • 93.188.160.0 – 93.188.167.255
  • 77.67.83.0 – 77.67.83.255
  • 213.109.64.0 – 213.109.79.255
  • 64.28.176.0 – 64.28.191.255

Take action before it’s too late – Find out if any of your devices are infected with your free 30-day trial of WhatsUp Gold!

Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit

By Lauren Smith

Over 450,000 computers - including half of the Fortune 500 companies and over 50% of government entities – are still infected with the DNSChanger malware. Don’t be one of them! 

As you’ve probably heard (or maybe even experienced) the DNSChanger is a Trojan horse that changes the DNS settings on computers and routers to send users to malicious sites, which then steal personal information and generate illegal ad revenue for the scammers (we’re exhausted just thinking about it). In November 2011, the FBI took over the botnet’s rogue servers and replaced them; however, on March 8th the FBI will be shutting down the servers they put up in replacement of the rogue ones.

On March 8th, any machine still infected with the malware will be unable to get on the Web, send emails, or do anything else online. Luckily, WhatsUp Gold can help!

Flow Monitor will detect if any devices are still infected on your network. You can build a group containing the IP addresses listed below, and then add an alert for DNS traffic to this group. If you are infected with the DNSChanger, you can then run a report for all infected devices.

Potentially Rogue DNS Servers 

–85.255.112.0 – 85.255.127.255

–67.210.0.0 – 67.210.15.255

–93.188.160.0 – 93.188.167.255

–77.67.83.0 – 77.67.83.255

–213.109.64.0 – 213.109.79.255

–64.28.176.0 – 64.28.191.255

 

Take action before it’s too late – Find out if any of your devices are infected with your free 30-day trial of WhatsUp Gold!

Share:
  • Facebook
  • Twitter
  • Digg
  • Tumblr
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • Reddit