LANGuardian reports on DNSChanger infected hosts

  • 1
  • Announcement
  • Updated 6 years ago
DNSChanger is a trojan that changes the DNS settings on infected machines so that legitimate web traffic is diverted to malicious websites. At best, it causes disruption and loss of productivity; at worst, it can lead to further malware infection, identity theft, and fraud. In November 2011, the FBI obtained a court order allowing it to shut down the DNS servers associated with DNSChanger and replace them with legitimate servers operated by the Internet Standards Consortium (ISC). The court order expires next week and unless it is extended, any computers still infected with DNSChanger will no longer be able to access the Internet after March 8.

With LANGuardian, you can easily identify computers on your network that are infected with DNSChanger by checking for traffic to the legitimate replacement DNS servers. We have updated LANGuardian with a new report, which you can find here:

Security -> Events -> Advanced Reports -> Clients using the DNSChanger name servers

If you have any questions about detecting DNSChanger, or indeed any other aspect of network monitoring with LANGuardian, please contact us any time.
Photo of Michael Finn

Michael Finn

  • 35 Posts
  • 5 Reply Likes

Posted 6 years ago

  • 1

Be the first to post a reply!