Two months after a traffic hijacking scheme was brought to its knees, the software that powered a botnet is still running on computers at half of the Fortune 500 companies, and on nearly 50 percent of all federal government agency PCs.
The "DNSChanger Trojan" changes the host computer's web settings to hijack search results and to block victims from visiting security sites that might help scrub the infections.
Inspector Knacker of the Estonian Yard fingered the collar of six men suspected of using the Trojan to control more than 4 million computers in over 100 countries. At the same time there was a coordinated attack on the malware's infrastructure.
Companies were supposed to be cleaning up their systems before some bright spark figures out a way of reactivating the network.
But according to Krebs on Security, that cleanup process has been slow-going.
Insecurity company Internet Identity found evidence of at least one DNSChanger infection in computers at half of all the Fortune 500 firms, and 27 out of 55 major government entities.
Rod Rasmussen, president and chief technology officer at Internet Identity, said that there were some difficulties with removing this malware, but you would think people would want to get it cleaned up.
The FBI has warned that although it has a court order to replace the Trojan's DNS infrastructure with surrogate, legitimate DNS servers, the order will expire on 8 March, 2012. When that expires the internet connection for infected servers will break completely.