Wednesday, November 09, 2011

FBI, Estonian police bust huge botnet causing DNS contamination

Trend Micro reports that on Tuesday, Nov. 8, the FBI and Estonian police took down a massive botnet of over 4 million nodes, with the detailed technical story here. The takedown of Esthost is being called the biggest cybercrime bust in history!

The botnet comprised computers with DNS settings pointing to foreign IP addresses.

This story may be related to a report Monday of DNS “cache poisoning” in Brazil. 

Ordinary home users in the US may not have been much affected. What looks like DNS contamination may instead result from misspelling a domain name and landing on a similarly spelled domain that has been taken over by distributors of malware, fake anti-virus software, or ransomware.

However, in July 2008, major security companies held emergency meetings at Microsoft over predictions of how DNS contamination could occur.

Update: Nov. 10

Shaun Waterman reports on the incident in the Washington Times in "Six Estonians arrested in 'cyber-infestation'", which he says affected about a half million personal computers in the US and 4 million around the world; link here.
