Valeri Aleksejev, 32, of Estonia, last week admitted his role in the DNSChanger malware scheme, which silently rewrote the DNS settings of infected computers so that every lookup went through rogue DNS servers run by the gang, giving them control over where victims' Internet traffic was directed.
Pleading guilty in U.S. District Court in Manhattan to conspiracy to commit wire fraud and conspiracy to commit computer intrusion, Aleksejev now faces up to 25 years in prison. In addition to the possible prison time, he agreed to forfeit $7 million and to be deported from the United States.
DNSChanger was undoubtedly one of the most talked-about and potent botnet infections of the last two years. The operation was taken down in 2011, when the FBI and the Estonian national police made arrests and, at the same time, the command and control servers hosted at data centers in Chicago and New York were seized. These servers were what the DNSChanger botnet (the large group of compromised computers) connected to in order to fetch its next set of instructions. Once they were taken out of the gang's hands, the infected systems could no longer receive new instructions, but they were still infected: the malware and the altered DNS settings remained on each machine, which is why the takedown alone did not cure the victims.
In court, Aleksejev said that he had helped write code that prevented infected systems from installing or applying antivirus updates. With that code in place, infected systems could not be cleaned simply by an antivirus firm pushing out a signature update. At the hearing his lawyer also said that his client was broke. Aleksejev was one of six Estonians arrested by police in the Baltic republic in November 2011.
DNSChanger was a 'game changer' in the sense that the many thousands of infected systems needed more than an antivirus scan to be rid of the threat: the rogue DNS settings had to be found and reverted as well. Fortunately, many security firms and other sources provided the resources, including checks to tell whether a machine was pointed at the rogue servers, needed to identify and eventually restore infected systems.
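The check that the resolver-setting point above and the opening paragraph imply, as an added example that is not part of the original article: read resolver addresses from resolv.conf-style text and flag any that fall inside the rogue DNS ranges. The ranges are the ones the FBI published for DNSChanger after the takedown; they do not appear in the article, and the resolv.conf text below is a constructed sample rather than a capture from a real host. On Windows the same addresses would come from `ipconfig /all` output instead of /etc/resolv.conf.

```python
import ipaddress
import os

# FBI-published DNSChanger rogue DNS ranges (assumption: taken from the FBI's
# public advisory, not from the article this example accompanies).
ROGUE_DNS_RANGES = [
    ipaddress.ip_network(n)
    for n in (
        "85.255.112.0/20",
        "67.210.0.0/20",
        "93.188.160.0/21",
        "77.67.83.0/24",
        "213.109.64.0/20",
        "64.28.176.0/20",
    )
]


def is_rogue(addr):
    """True if the address (string or ip_address object) is inside a rogue range."""
    ip = ipaddress.ip_address(str(addr))
    return any(ip in net for net in ROGUE_DNS_RANGES)


def parse_resolvers(resolv_conf_text):
    """Extract 'nameserver' addresses from resolv.conf-style text.

    Comments (# or ;) are stripped, unparsable addresses are skipped so a
    malformed line cannot abort the check.
    """
    resolvers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                resolvers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue
    return resolvers


def check_resolvers(resolv_conf_text):
    """Return [(address, is_rogue), ...] for every resolver found in the text."""
    return [(str(ip), is_rogue(ip)) for ip in parse_resolvers(resolv_conf_text)]


def check_local_host(path="/etc/resolv.conf"):
    """Run the check against this machine's resolv.conf, if it has one."""
    if not os.path.exists(path):
        return []
    with open(path, encoding="utf-8", errors="replace") as fh:
        return check_resolvers(fh.read())


# Constructed sample: one resolver inside a rogue range, one clean public resolver.
CONSTRUCTED_RESOLV_CONF = """\
# constructed sample, not captured from a real host
nameserver 85.255.116.22
nameserver 8.8.8.8   ; trailing comment
"""

if __name__ == "__main__":
    for addr, rogue in check_resolvers(CONSTRUCTED_RESOLV_CONF):
        print(f"{addr}: {'ROGUE (DNSChanger range)' if rogue else 'ok'}")
    for addr, rogue in check_local_host():
        print(f"local resolver {addr}: {'ROGUE' if rogue else 'ok'}")
```

A machine that flags as rogue needs its DNS settings reverted to the ISP's or a known-good resolver and the malware removed; the range check only tells you the resolver has been redirected, it does not clean anything.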