Sunday, July 8, 2012

What the DNSChanger malware is -- and why you should care (FAQ)

Now nearly 5 years old, DNSChanger still infects hundreds of thousands of computers. If you've got it, you'll probably lose your Internet connection on Monday. Read our FAQ to learn what this malware is and how to stop it.



The DNSChanger malware has been around for years, but its deleterious effects are coming to a head this Monday. Here's what you have to know about it, and how to fix it.
What is DNSChanger?
DNSChanger is a Trojan horse malware with many variants. It changes an infected computer's DNS settings to point to rogue, bad guy-controlled servers. These then show you ads that look real, but aren't. Basically, it redirects your legitimate Web surfing to malicious Web sites that then attempt to steal personal information and generate illegitimate ad revenue.
How much money did DNSChanger make?
From the time it was discovered around 2007 until six Estonian scammers were caught in November 2011, DNSChanger scored them upwards of $14 million, reportedly.
What does DNSChanger do?
DNSChanger changes your Domain Name System settings without your permission. This is bad because DNS is basically the Internet's phone book crossed with a map. DNS links a URL, such as CNET.com, to an IP address. (An IPv4 address would be something like 192.1.56.10, while an IPv6 address would look like 1050:0:0:0:5:600:300c:326b.) DNSChanger changes that and redirects search results and URLs to malicious sites that are designed either to serve you ads for malicious sites or to illegitimately collect your login information.
If the bad guys have been caught already, why does DNSChanger still affect people?
Simply put, the malware was exceedingly effective and infected hundreds of thousands of computers. Prior to the bad guys being arrested, the Federal Bureau of Investigation and German Federal Office for Information Security created a redirect of the redirect, so that many people infected by DNSChanger would still go to the legitimate Web sites that they intended to visit.
After the arrests, the two governments agreed to keep the rogue DNS servers running until March. Then they learned that there were still around 450,000 active DNSChanger infections, and so the servers got a reprieve until Monday, July 9.
If your computer's been infected and you haven't fixed it by July 8, your Monday morning will be even worse than normal.
So the Facebook alerts and Google warnings about DNSChanger were legit?
Yep. And around 330,000 people were still infected with DNSChanger as of the end of May, with about 77,000 of those in the U.S.
Google's warning that appeared at the top of search results.
(Credit: CNET)
How can I tell if I'm infected?
If you're in the United States, go to dns-ok.us. For computers based outside of the U.S., go to its parent site, the DNSChanger Working Group. Click on the URL appropriate to your country, and you'll see an image with a green background if you're clean. A red background means you're infected.
Help! My computer's infected with DNSChanger. How can I fix it?
The DCWG has a list of free tools to download and instructions on how to clean a computer infected with DNSChanger.
How can I avoid malware like DNSChanger in the future?
Security suites aren't perfect, but they will protect you from the vast majority of threats out there, including DNSChanger. Whether you're on Windows or Mac, Android or iOS, you really ought to have some kind of security program installed. And always double-check the URL before entering personal information into any kind of online text field or form, no matter what operating system or device you're using.

source:cnet.com

Internet shutdown on July 9 2012 and DNSChanger malware attack

The Internet shutdown of July 9, 2012 is making headlines across the world. The DNSChanger malware attack is one of the most feared topics for millions of internet users. Here are some important details.

Are you using a Windows PC? Check and make sure your system is not affected by the DNSChanger malware. It is time for you to have a look at whether your PC is under attack from this villainous malware. Four million Windows PCs, including as many as 64,000 in the U.S., are to go dark on Monday, July 9, 2012 as part of defending against the malicious virus. There are multiple ways on the web to verify whether your system is affected by the malware, which has been around since 2007.

Confirm your PC is secure against DNSChanger
To check the status of your computer, please visit any of the following sites:

http://www.dns-ok.us/
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS
http://www.siteadvisor.com/dns_checker.html?cid=109273


The first and last ones have an easier process, since they can automatically track your IP address and tell you whether your computer is under attack or not. The FBI site (remember, the FBI is an agency that has been working for a long time to fight the virus) has a somewhat more complicated process. You will have to type your IP address manually to find the result there. However, the result from the FBI is more genuine than the ones from DNS-OK or McAfee.
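The same kind of check can be run locally by comparing the DNS servers a Windows PC is configured to use against a list of rogue ranges. The script below is an added example, not part of the original articles or of any checker site's code: the function names are hypothetical, the `ipconfig /all` text is a constructed sample, and the ranges are placeholders from documentation address space that stand in for the rogue ranges published by the FBI and the DCWG.

```python
import ipaddress
import re

# PLACEHOLDER ranges from documentation address space (RFC 5737 / RFC 3849),
# not real indicators. Substitute the rogue ranges published by the FBI/DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/25", "2001:db8:bad::/48")]

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.77
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:
   DNS Servers . . . . . . . . . . . : fe80::1%12
                                       2001:db8:bad::53
"""

def dns_servers(ipconfig_text):
    """Collect every resolver under 'DNS Servers', including the indented
    value-only continuation lines ipconfig prints for additional servers."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        cont = re.fullmatch(r"\s+(\S+)\s*", line) if in_dns else None
        hit = first or cont
        in_dns = bool(hit)
        if hit:
            addr = hit.group(1).split("%")[0]  # drop IPv6 zone id, e.g. %12
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                pass  # value was not an IP address; skip it
    return servers

def rogue_resolvers(ipconfig_text, ranges=ROGUE_RANGES):
    """Return configured resolvers that fall inside any listed range."""
    return [str(ip) for ip in dns_servers(ipconfig_text)
            if any(ip.version == net.version and ip in net for net in ranges)]

if __name__ == "__main__":
    bad = rogue_resolvers(SAMPLE_IPCONFIG)
    print("ROGUE DNS configured:" if bad else "DNS settings look clean", bad)
```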


What is DNSChanger?
DNSChanger is a severe malware attack against Windows PCs from a set of hackers who try to make money from online ads through it. Seven hackers – six Estonians and a Russian – are behind the malware attack, which was started back in 2007. Since then, they have been attempting to hack Windows PCs across the world to get clicks for their online ads. According to an indictment last year from the U.S. Attorney General’s Office in New York, the hackers' goal was to generate money through automatic impressions and clicks for their online ads.

The name DNSChanger also stems from the job the hackers are doing with the malware. The virus automatically changes the DNS of the websites you search for on your PC so that it points to their sites. That is, as per ABC News (thanks to the FBI), “if your computer was infected and you clicked a link to go to Netflix, you would wind up at BudgetMatch.” The practice is simply called ‘click hijacking.’ Put simply, it is the practice of changing the domains of the sites you search for to ones of the hackers' choosing, so that they can make some money out of it.

Internet shutdown on July 9
The internet blackout on July 9 (for the affected PCs) is not a direct result of the contagion, as it has been hyped up by some sources for a while. It is actually a precautionary step on the part of the FBI, which has been fighting the virus for a long time. The U.S. intelligence agency earlier created alternative servers for the affected PCs. Since those PCs will not have a functioning DNS on the coming Monday, the agency has decided to shut down the servers of those systems. The result will be that no DNSChanger-affected PC can access the web on that day. As a result, it will secure the PCs from further complications of the malware attack.

“Once the FBI got around to fixing the problem in 2011, it realized it couldn’t simply shut down the rogue servers because infected computers would be left without a functioning DNS, leaving them virtually Internet-less. So it set up temporary servers to give malware-infected Internet users time to fix their computers,” says ABC News.

Conclusion
Indeed, it is a matter of concern for all Windows PC users in the world now. There has been discussion of the DNSChanger attack for a while. Some sources even reported that the World Wide Web is facing a crucial end on that day. That is not the case. The Monday internet blackout is just another step against the DNSChanger virus. In the meantime, you can check whether your PC is affected using the sites noted above.

