NetFort Advertising

Concerned about Ghost Click?

gethostbyname
The FBI recently uncovered a network of rogue DNS servers and by working with the Estonian police they have completed one of the largest cybercrime takedowns to date. The operation itself was dubbed Operation Ghost Click. In order to ensure minimum impact on the infected computers the authorities, together with TrendMicro, were able to replace the DNS servers under the criminals’ control with legitimate servers. Further reading here.

Since 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. Most of these systems will still have malware installed and they will be using DNS servers which were once part of the botnet. You can manually check if a system is infected by logging onto the FBI website where you can check DNS servers. However, if you have lots of systems on your network and you want to quickly check for suspicious activity you can use your LANGuardian. Just follow these steps

  1. Logon to your LANGuardian and from the left hand menu choose Bandwidth \ IP \ Traffic Distribution
  2. Enter these subnets into the subnet field. 85.255.112.0/20,67.210.0.0/20,93.188.160.0/21,77.67.83.0/24,213.109.64.0/20,64.28.176.0/20
  3. Run the report and if you get results drill down on the traffic totals to reveal what systems are associated with this activity.

If you dont have a LANGuardian in place, you can download a free trial at this link. The trial version will give you a fully functional LANGuardian for a 30 day period.