Sunday, July 08, 2012

DNSChanger Malware Strikes Fear All Over the World: Are you ready for July 9?


This just in from my Internet Service Provider,

Dear Valued Customer,

We have received information from international agencies that a rampantly spreading “DNSChanger” malware may infect the computers of internet users globally. If your computer is infected, this malware redirects you to fraudulent websites and DNS servers and can interfere with your online browsing.

We strongly urge our Broadband subscribers to take the necessary steps to check their computers as soon as possible. If infected, they should remove the virus from their computers immediately.

If your computer is infected, you may lose access to the internet by July 9, when U.S. authorities will shut down the temporary servers that continue to allow infected computers to access the internet. 

Checking the status of your computer is easy. Simply click on the US FBI’s DNS Changer Working Group, or DCWG, web site at http://www.dcwg.org/, the group working on cleanup resulting from the malware, or click on this link http://www.dns-ok.us/ to find out the status of your computer: green means it is safe; red means it is infected. If your computer test results to green, no further action is needed.

But, if your test results to red, please visit the Globe Tattoo website at http://tattoo.globe.com.ph/dnsmalware for a step-by-step instruction on how to recover your computer from this malware.

We also encourage you to visit our website to read more about this issue. We hope this information ensures that you continue to experience seamless internet services.

Yours,

Globe Telecom

From the FBI PDF


DNS (Domain Name System) is an Internet service that converts user-friendly domain
names into the numerical Internet protocol (IP) addresses that computers use to talk to
each other. When you enter a domain name, such as www.fbi.gov, in your web browser
address bar, your computer contacts DNS servers to determine the IP address for the
website. Your computer then uses this IP address to locate and connect to the website. DNS
servers are operated by your Internet service provider (ISP) and are included in your
computer’s network configuration. DNS and DNS Servers are a critical component of your
computer’s operating environment—without them, you would not be able to access
websites, send e-mail, or use any other Internet services.

Criminals have learned that if they can control a user’s DNS servers, they can control what
sites the user connects to on the Internet. By controlling DNS, a criminal can get an
unsuspecting user to connect to a fraudulent website or to interfere with that user’s online
web browsing. One way criminals do this is by infecting computers with a class of malicious
software (malware) called DNSChanger. In this scenario, the criminal uses the malware to
change the user’s DNS server settings to replace the ISP’s good DNS servers with bad DNS
servers operated by the criminal. A bad DNS server operated by a criminal is referred to as
a rogue DNS server.

The FBI has uncovered a network of rogue DNS servers and has taken steps to disable it.
The FBI is also undertaking an effort to identify and notify victims who have been impacted
by the DNSChanger malware. One consequence of disabling the rogue DNS network is that
victims who rely on the rogue DNS network for DNS service could lose access to DNS
services. To address this, the FBI has worked with private sector technical experts to
develop a plan for a private-sector, non-government entity to operate and maintain clean
DNS servers for the infected victims. The FBI has also provided information to ISPs that can
be used to redirect their users from the rogue DNS servers to the ISPs’ own legitimate
servers.

The FBI will support the operation of the clean DNS servers for four months,
allowing time for users, businesses, and other entities to identify and fix infected
computers. At no time will the FBI have access to any data concerning the Internet activity
of the victims.
