Wednesday, May 09, 2012

Detecting DNS Changer Infection with CloudFlare and OpenDNS

If you're using CloudFlare to enhance speed and security (it's a great, free service, by the way!), you'll want to check out one of their latest apps, created in conjunction with OpenDNS. The app will notify your website visitors if they are infected with the DNS Changer malware.

If you're not familiar with the DNS Changer malware, it modifies settings on victims' computers, rerouting traffic to banks and other sites of interest through systems controlled by the bot masters. This means sensitive information could be compromised.

Last year the FBI was able to legally take over the DNS Changer rerouting systems, protecting the victims to some degree. However, the FBI has to relinquish control in July, meaning victim systems which have not been fixed will be unable to access websites as normal. The FBI has an in-depth writeup on the DNS Changer malware (PDF link), along with information on how to find out if you're infected and how to fix the problem.

Enter the CloudFlare application. If you enable this application, CloudFlare will notify visitors to your website who are infected with DNS Changer that they are compromised. They also provide a link with instructions on how to fix the problem. Here's what the notification looks like:
