US DOJ victim letter

Andrew D. Dibble adibble at quantcast.com
Thu Jan 19 21:15:28 UTC 2012


Operation Ghost Click - someone in your AS has malware which changes their DNS server to an evil IP.  ICANN (IIRC) replaced these servers with clean ones around November 2011 and now it seems like the FBI is trying to contact everyone who is still talking to that server.

FBI seems to have a list of netblocks hosting rogue DNS servers here:
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

So if one of the computers inside your network is talking to one of those IPs for DNS, you probably have malware.

Drew


On Jan 19, 2012, at 1:03 PM, Tim Jackson wrote:

> The 3rd email they sent:
> 
> This email is intended to provide clarification on a previous email
> sent to you. You will be receiving a letter by U.S. Postal Service in
> the coming days.  In the meantime, please visit the link below which
> provides more details on the investigation and identifying you as a
> possible victim:
> 
> www.fbi.gov/news/stories/2011/november/malware_110911
> 
> --
> Tim
> 
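The check described in the message above (internal hosts sending DNS traffic to the listed netblocks), sketched as an added example that is not part of the original thread. The netblocks are RFC 5737 documentation placeholders rather than the real list, and the internal range, log format and function names are assumptions; substitute the netblocks published on the FBI page.

```python
import ipaddress
from collections import defaultdict

# Placeholder netblocks (RFC 5737 documentation ranges), NOT the real rogue list.
ROGUE_NETBLOCKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Assumed internal address space for this example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample flow records: "timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2012-01-19T20:01:02Z 10.1.4.22 192.0.2.53 udp 53
2012-01-19T20:01:03Z 10.1.4.22 192.0.2.53 udp 53
2012-01-19T20:01:05Z 10.1.7.9 10.0.0.53 udp 53
2012-01-19T20:02:11Z 10.2.0.80 198.51.100.7 tcp 53
2012-01-19T20:02:30Z 10.2.0.81 198.51.100.200 udp 53
2012-01-19T20:03:00Z 10.1.4.22 192.0.2.53 tcp 443
garbage line
"""

def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in n for n in nets)

def find_rogue_dns_clients(flow_text, rogue=ROGUE_NETBLOCKS, internal=INTERNAL_NETS):
    """Return {internal_host: {rogue_resolver: flow_count}} for port-53 flows."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, proto, dport = parts
        if proto not in ("udp", "tcp") or dport != "53":
            continue  # DNS runs over both UDP and TCP port 53
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # unparsable address
        if in_any(s, internal) and in_any(d, rogue):
            hits[str(s)][str(d)] += 1
    return {host: dict(resolvers) for host, resolvers in hits.items()}

if __name__ == "__main__":
    for host, resolvers in sorted(find_rogue_dns_clients(SAMPLE_FLOWS).items()):
        print(host, resolvers)
```

Hosts that appear in the result are the ones to inspect for altered resolver settings; traffic to the site's own resolvers and non-DNS flows are ignored.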





More information about the NANOG mailing list