Infected government computers getting cleaned


As the planned shutdown date looms for the clean servers that constitute the only link to the Internet for the 400,000 or so computers still infected with the DNSChanger malware, the US government is worried about losing the infected computers that are used by many of its agencies.

The court order that would allow the deadline to be extended up to July 9 has still not been granted, so the government has asked private sector companies for help and has employed Einstein, its own threat-monitoring system, to pinpoint the affected computers.

Einstein was fed a number of indicators for the malware and set loose on 17 of the 19 agencies that are planned to be combed through, reports NextGov. According to researchers involved in the clean-up process, the malware was found on at least one computer in 27 of the 55 government departments that were checked.

“DHS identified infected agencies by leveraging multiple sources to ensure we have the most comprehensive accounting of machines infected within the dot-gov,” DHS spokesman Peter Boogaard said, not confirming or denying the aforementioned numbers. “Each organization is actively implementing mitigation strategies to alleviate infections.”

The initial replacement of the botnet’s servers with clean ones was carried out so that ISPs could detect victims and instruct them on how to remove the malware from their computers. Unfortunately, the process was slow and time is running out.