Operation Ghost Click

Paul Graydon paul at paulgraydon.co.uk
Thu Apr 26 16:47:52 CDT 2012

On 04/26/2012 11:44 AM, Andrew Latham wrote:
> On Thu, Apr 26, 2012 at 5:38 PM, Jeroen van Aart<jeroen at mompl.net>  wrote:
>> Excuse the horrible subject :-)
>> Anyone have anything insightful to say about it? Is it just lots of fuss
>> about nothing or is it an actual substantial problem?
>> http://www.fbi.gov/news/stories/2011/november/malware_110911
>> "Update on March 12, 2012: To assist victims affected by the DNSChanger
>> malicious software, the FBI obtained a court order authorizing the Internet
>> Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers.
>> This solution is temporary, providing additional time for victims to clean
>> affected computers and restore their normal DNS settings. The clean DNS
>> servers will be turned off on July 9, 2012, and computers still impacted by
>> DNSChanger may lose Internet connectivity at that time."
>> --
>> Earthquake Magnitude: 5.5
>> Date: Thursday, April 26, 2012 19:21:45 UTC
>> Location: off the west coast of northern Sumatra
>> Latitude: 2.6946; Longitude: 94.5307
>> Depth: 26.00 km
> Yes its a major problem for the users unknowingly infected.  To them
> it will look like their Internet connection is down.  Expect ISPs to
> field lots of support calls.
Based on conversations on this list a month or so ago, ISPs were 
contacted with details of which of their IPs had compromised boxes 
behind them, but it seems the consensus is that ISP were going to just 
wait for users to phone support when it broke rather than be proactive 
about it.


More information about the NANOG mailing list