Spyware, viruses, & security forum: Fact or fiction: People could lose their Internet connection in July?

The FBI has actually done you a favor.

Instead of shutting the servers responsible for the DNS Changer botnet down, they have kept them up and running. Why? Millions of computer users were infected by this trojan, and shutting these servers down would instantly result in loss of internet access for those millions still infected.

This is because of the way the malware writers set up the botnet. DNS Changer trojan reported back to the servers the gang used to run/own; infected systems would be directed here for all internet access, and then would go out to wherever the user wanted to go. Unfortunately, this also meant the infected system was, for all practical purposes, owned by this gang, for as long as they continued to operate. They made their money on a pay-per-click basis based on fraudulent advertising revenue for each system infected, so every system user unknowingly and unwittingly made them money as they surfed the internet.

When the FBI and others arrested the members responsible, they also took possession and control of these servers. This happened on November 9th, 2011. The DNS Changer organization had been in operation for more than five years at that point, beginning sometime in 2007.

Owning a system on the internet that is not yours is very profitable; there are myriad ways of making money off the data stolen, identity theft, etc. In hackers lingo, you are pwnd if this happens to you.

It is up to the user to check for infection, and remove/clean it if found. Tools and instructions are provided @ http://www.dcwg.org on how to check and clean if necessary.

So, in short, use the above site to see if you are infected. If you are not, you have nothing to worry about. If, however, you are infected, and you are not comfortable in cleaning an infected system, take it to a reputable local computer shop you know and trust. But get this done sometime before July 9th, 2012.

The FBI and the court system has extended the cutoff date for the cessation of the DNS Changer servers operation twice already; one of the latest estimates say that some 3,000,000 systems are still infected as of two days ago. If these servers were shut down today, that would mean three million users suddenly without internet access. Some of those users are in a corporate environment, alas.

Note: This post was edited by its original author to fix incorrect link on 05/04/2012 at 5:40 PM PT

Alureon rootkit family.

What is a rootkit? here: http://en.wikipedia.org/wiki/Rootkit

Since it is a rootkit, it will hide from antivirus programs, is difficult to detect and difficult to remove/clean.

Luckily most a/v's now detect and remove this infection. But even then, a/v's cannot clean and disinfect your router or dsl modem because most do not scan your internet device.

So, no, changing the DNS IP address would not work if the gang was still active and in control of you computer. If you do not like the FBI or http://www.dcwg.org/ having control of your computer through the DNS Changer Trojan, and you still have this infection, then by all means clean it and use a free DNS vendor such as http://www.opendns.com/ to ensure that this is still not the case. As long as the DNS Changer Trojan is still there, you are always going to the server farm the FBI and dowg.org is still running for all your internet access.

I'm reading thru this and I'm not sure if the implication is that the traditional virus and malware programs that I have installed on my machine (and which I use, and which has not found any such infections), are unable to detect this trojan.

Can someone please answer this simple question?

Nice video. Just be sure to not watch until the very end of the video; some viewers might be offended by somewhat graphic content not related to the video posted. It is a link posted within the article that indirectly is posted to YouTube, after all.

Imagine being able to read and view https:// via WiFi content using that or other rootkit! Terrible invasion of one's privacy. Should not happen. Ever.

not only trojan , Barbara was The culprit

So, the gov, runs servers for infected computers? Really, the gov cares if your computer crashes?

Talk about an easy way to get gazillions of people to load bogus patches & software! I have read the article & "if you have a reputable anti-virus software, you're okay". Well duh!

If you have registered software, legally, you shouldn't have any issues with your computer anyhow. But if you're concerned, by all means, take your computer to a trusted computer repair facility. Either have them check it out, or reformat your computer. Or better yet, find someone you know who does this & flip them a few bucks.

Just my thoughts.

DNS servers across the Internet translate URL word-addresses to the IP numeric ones actually needed by network devices. Until shut down last November, a bot-net distributed various malwares which changed DNS settings of infected devices so requests for this translation service went instead to bogus servers which in turn directed traffic to spoofing and virus-infected websites. Antivirus programs might or might not have caught the several variants attacking a PC, but the malware also targeted router settings and network devices not usually protected by such software. The Internet Systems Consortium has been running DNS servers to replace those involved in the infection, but they will discontinue this court-ordered effort by July 9. Thus, no one will terminate any Internet service in July or any other date, but if your PC or router has been redirected to one of the phony DNS servers, it will find nothing to connect to when the temporary corrective services are ended.

The website dcwg.org, for DNS Changer Working Group, will quickly check your system for evidence of erroneous DNS redirection. Although DNS entries can easily be corrected manually, the site also links to a dozen or so free, commercial malware removal sites which will scan for viruses and remove them, and reset the DNS entries for you. This list of free tools is excellent to keep for any future needs, whether or not DNS-related. Administrative rights are not needed for the DNS check, but are required for the corrective tools.

(As an alternative to DNS settings suggested by your ISP, both OpenDNS.com and Google (https://developers.google.com/speed/public-dns/docs/intro) provide DNS servers claiming improved security or features which can be freely used by setting your DNS pointers to the IP numbers which they provide.)

I know it sounds highly improbable, but if you type in fbi.gov you will find the information on the FBI home page (article # 1 of 4 that are scrolling). If you type it yourself you are not clicking on somebody else's link. I would say that the FBI posting this is pretty conclusive evidence that something exists.

And I agree that your computer is probably fine, but it won't hurt you to check and the FBI is not a bad place to do so). If you should have a problem, it is a rootkit, so I don't believe running a scan will fix it. If mine had turned up infected (probably not the correct word for this particular issue), I would be going to my local computer pro to get it taken care of.

That phrase and similar phrases "let sleeping dogs lay" are quite appropriate.

If you don't have a problem then don't be overly concerned and don't let thing you "hear about" convince you otherwise.

Certainly we all need to be aware of our use of computers and we all need to keep up to date with appropriate protective software. We do not however need to exceed normal practice.

You have every right to be concerned about scams, there are now so many it is very difficult to know just what is a scam. Even the instance you raise here "could" be a scam. Even if it is the FBI and even if it is a genuine attempt to keep everything ok, how do you/we know what may or may not happen with your pc? For all we know the FBI could be using this action to install "monitoring" software on your pc.

These days we are all potentially vulnerable to threats from "within". We have so many hardware/software features that continually check for updates. Microsoft being the most prolific updater. I am about to install (reinstall my complete system and I have decided to not allow any auto updating if I can turn it off. Hopefully this will also improve the computers performance.

For (I hope) most people, their computer system should be invisible on the net. You can use this web site to test your computer for security. http://www.grc.com/default.htm (no affiliation, I use it to check my pc).

Providing you have suitable AV and malware protection and your physical modem connection to the phone line (hardware or wireless) has its inbuilt firewall turned on, then you can be reasonably assured you are safe from virus attacks..

Most security breaches are not from brute force attacks on a pc, because as mentioned, with the correct precautions, your pc should be "invisible" on the net. Most breaches are gained by obtaining just enough information (an initial basic password verbally given to someone) to gain a "foothold" within a computer system. Once "on the inside" computer access becomes MUCH easier.

FWIW, I choose NOT to have Microsoft updates installed. I turn off automatic updates and the incessant reminders completely. I decide when my computer gets updated and with what, I have don so for many years. From the hundreds of so called security and other updates, I have only ever NEEDED one "fix". I updated this fix myself (a long time ago now).

This may not be appropriate for everyone and while I cannot recommend it for everyone, I DO ensure that systems I supply to MY clients, do not have automatic updates turned on.

I can therefore be assured that MY (and my clients') computers remain in a known state - and I know the state. WITHOUT this "control" if the computer performs differently or erratically, how would I know if the problem is an unnecessary MS update or some other influencing factor?

In summary then, be aware but not paranoid. Do NOT perform actions based on something like you describe in your question. Your AV software SHOULD have detected something - though it may not perform such a detection until the latest AV reference data has been installed.

Unless you are sure that any action you take is valid, make a careful assessment of such action.

In the example you give, I would NOT visit the (FBI?) web site and for what it's worth I have heard nothing about the site you mention. I would have thought that any FBI based web site would have a ".gov" suffix or be a location within the FBI web site such as "http://www.fbi.gov/about-us/faqs".

I hope this helps. Keep safe

Kind regards

Peter

This can harm your computer and make it useless. You can call your local FBI ofice and they will confirm it. The website is lso legitimate and has been posted by News organizations, TV Stations and featured on NBC, CBS and CNN. Those here telling you to ignore it may be members of that group or just think it is funny to have your computer shut down.

Ok, for "research purposes" and the sake of completeness I visited the site. http://www.dns-ok.us/

This served to prove my point, my computer is not infected. I did not expect it to be infected. My computer is effectively invisible on the net. Use the web site I provided in my first message to check your own computer if you wish.

*IF* the web site had been a scam (I know it's not), the text below (from their web site) does nothing to help the situation. A scam site could just as easily use this or similar wording and play havoc with someone's computer, hence my comment I would NOT visit the site.

====
"For example, the http://www.dns-ok.us/ will state if you are or are not infected (see below).

No Software is Downloaded! The tools do not need to to load any software on your computer to perform the check.
No changes are performed on your computer! Nothing is changed on your computer when you use sites like http://www.dns-ok.us/.
No scanning! The "are you infected with DNS Changer" tool does not need to scan your computer."
===


I did not suggest to anyone they should not visit the site - that is their own choice. I did say I would not visit the site, for reasons already given.

It was notable that a persons computer could be infected and the detection service offered may not have shown it to be infected.

It is very difficult for less knowledgeable computer users to be aware of potential scams or other malicious threats on the net, hence my advice to not take actions without due consideration.

I do not treat computer security lightly. However I am also not paranoid about security after all there is only so much you can do on a "personal" level. A proper and preferably hardware based firewall like that built in to most (all) quality modems is a must of course, AV software and correct computer configuration should be all that is needed.

<div>A decent modem should make the computer(s) connected to it,


"invisible" on the net.</div>
...and for the other posted reply, providing the precautions I mentioned are implemented, NONE of what I stated will harm anyone's computer nor render it useless.

(FWIW I have been involved with computers since circa 1975)

regards

Peter

Retraction:

I have flagged this post, myself, asking the mods to remove it because the link I pasted ileads to the wrong place (NOT malicious, just wrong). I meant to direct readers to an article by the name of "How To Check If a Website Is Safe" at this URL: http://www.brighthub.com/computing/smb-security/articles/31108.aspx

If the mods choose to delete that post as asked, fine. They may also delete this one if they want.

Please accept my apologies.

.....But I still feel pretty darned stoopid[sic]. LOL!?

... Beware that you may be backing up an infection. If you clean up a computer after you back your files up, when you access your backup you may reinfect your computer, in case there is no real-time anti-malware protection running on the computer capable of detecting and blocking/eliminating the malware. That would be the case, for example, if you had to use specific tools to clean an infection, and your anti-virus alone wouldn't detect/clean it. Therefore, if you suspect your computer has malware, run anti-malware software before backing it up. Both are extremely important: backing up regularly and having regular anti-malware/anti-virus updates and scans.

I saw an article that was very vague and not very helpful as far as what users can do. They make a casual mention of dcwg.org. Who's gonna hand their computer over to them when there's not even a hint as to who they are.