
Operation Ghost Click to turn DNS Changer C&Cs to the dark side. 

Feb 27, 2012 01:30 PM

In the news: the FBI will be losing its court-granted hold over the DNS servers in March and is planning to make them “go dark”. Rather than changing their green lightsabers to red, this will cause any machine still looking to them for IPs to lose its internet connectivity.

Our detections for this threat are called Zlob and Tidserv. Tidserv can be very difficult to remove. If you discover a machine where we detected it but the log says we were not able to completely remove it, you should run the Norton version of Power Eraser, so you can be sure to check all the accounts.

Symantec Security Response’s current recommendation:

Monitor your network for the bad DNS IPs, using that to identify any infected clients we may have missed with SEP. If you can reroute traffic, you can reroute these machines to a legitimate DNS server. Regardless, we recommend taking our repair tool to each of these machines and using it to clean them.
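One way to do the monitoring described above, as an added example (not Symantec tooling and not part of the original post): scan flow records for clients sending DNS traffic to the rogue ranges. The record format, the approved resolver address and the function name are assumptions, and the ranges are documentation-space placeholders to be replaced with the published rogue DNS ranges.

```python
import ipaddress
from collections import Counter

# PLACEHOLDER ranges (RFC 5737 documentation space), not real indicators:
# replace with the rogue DNS ranges published for DNSChanger.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n)
                    for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Assumed address of the resolver clients are supposed to use.
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}

# Constructed sample flow records: "timestamp src dst dst_port proto"
SAMPLE_FLOWS = """\
2012-02-27T13:30:01 10.0.4.17 10.0.0.53 53 udp
2012-02-27T13:30:02 10.0.4.22 192.0.2.10 53 udp
2012-02-27T13:30:03 10.0.4.22 192.0.2.11 53 tcp
2012-02-27T13:30:04 10.0.7.5 198.51.100.200 53 udp
2012-02-27T13:30:05 10.0.7.9 198.51.100.20 53 udp
2012-02-27T13:30:06 10.0.4.22 192.0.2.10 80 tcp
truncated record
"""

def find_suspect_clients(flow_text):
    """Return (rogue, other): per-client counts of DNS flows sent to a
    rogue range, and to any other resolver that is not approved."""
    rogue, other = Counter(), Counter()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[3] != "53":
            continue  # malformed record or not DNS
        try:
            src = ipaddress.ip_address(fields[1])
            dst = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # unparsable address
        if dst in APPROVED_RESOLVERS:
            continue
        if any(dst in net for net in ROGUE_DNS_RANGES):
            rogue[str(src)] += 1   # candidate for the repair tool
        else:
            other[str(src)] += 1   # bypasses the approved resolver; review
    return dict(rogue), dict(other)

if __name__ == "__main__":
    rogue, other = find_suspect_clients(SAMPLE_FLOWS)
    for client, hits in sorted(rogue.items()):
        print(f"{client}: {hits} DNS flows to rogue resolvers")
    for client, hits in sorted(other.items()):
        print(f"{client}: {hits} DNS flows to unapproved resolvers")
```

Clients in the first result are the ones to visit with the repair tool; the second result lists machines whose DNS settings bypass the approved resolver for some other reason.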


Additional Reading:

DNSChanger Fraud Ring Busted


Feb 29, 2012 12:11 AM

Thumbs up!!
