#807430 - Sun Jul 08 2012 07:31 AM DNS Changer Malware
mehaul Offline
Forum Champion

Registered: Wed Feb 03 2010
Posts: 6407
Loc: Florida USA
A report on CNN today tells about some bad guys who infected the net with a program that would take the address (URL) you wanted to go to and convert the equivalent number string (which is how the addresses are actually handled) into a string of their choosing, sending you to a site that looked like the one you wanted but was actually under their command. The FBI busted the guys (from a former Eastern Bloc country - why FBI? International Server Committee asked them to) but the program is still running. The law people are taking two major steps to combat the problem: Set up a site to clean people's computers of the malware; and, tomorrow, servers around the world will stop accepting transfer strings from infected computers. This info may not be entirely exact in the details, but tomorrow you could lose use of the internet if you or your ISP's system is infected.
The site they set up to do a check and clean if necessary is at http://dcwg.org. When you select the detect option you will then see a screen that allows you to select the language your PC operates in. Click it. If you get a green background for your weeble people, you're safe. If you get a red background for them, do go back to the first screen and click the fix-it link. REM: even though you may be okay, your ISP may not so you could still experience trouble on Monday. Good luck.
_________________________
If you aren't seeing Heaven while you dream, you're doing something wrong.
Dreams allow escape from the passage of Time.

The ultimate activity is the Dream.

#807447 - Sun Jul 08 2012 09:30 AM Re: DNS Changer Malware [Re: mehaul]
dippo Offline
Mainstay

Registered: Sat Jun 14 2008
Posts: 719
Loc: London, England UK
This has been going on for several months.

#807458 - Sun Jul 08 2012 09:55 AM Re: DNS Changer Malware [Re: dippo]
mehaul Offline
Forum Champion

Registered: Wed Feb 03 2010
Posts: 6407
Loc: Florida USA
And tomorrow is the deadline for that second step of action: making the servers refuse access to uncleaned requestors of service. That means if you haven't been checked out and cleaned up, you won't be able to access the site that will do the cleaning for you after tomorrow.

Edit to explain some terms:

DNS:
Domain Name System

DNS Changer:
The software that went into your local network configuration files and CHANGED the setting from "automatically request correct destination codes" to "Use these codes instead..."

DCWG:
DNS Changer Working Group

Detect:
sees if your files are set to the "automatically request correct code..." option

Fix:
Unselects the "use these codes" option and selects the "automatically request correct code..."

So it's more of needing a virtual mechanic to go in and make sure all your internal file toggle switches are in the normal operating positions than it is like a pest exterminator coming in and spraying anti-virals all over the place to kill viruses and worms. Killing this worm can still leave your toggles in the wrong position and by tomorrow the place those toggles tell your browser to go will no longer work, you'll be dead in the water without correct toggling.


Edited by mehaul (Sun Jul 08 2012 12:51 PM)
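The "Detect" step described in the post above, as an added example that is not part of the original thread or DCWG's own tooling: it reads resolv.conf-style text and flags any configured DNS server that falls inside a watchlist, which is why a machine can be malware-free and still need its settings fixed. The function names are hypothetical, and the watchlist uses placeholder documentation ranges, not the real DNS Changer ranges.

```python
import ipaddress

# Placeholder watchlist (RFC 5737 / RFC 3849 documentation ranges), NOT the
# real DNS Changer ranges: substitute the ranges published by DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/25", "2001:db8:bad::/48")]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # Strip '#' and ';' comments, then surrounding whitespace.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify(server):
    """Label one resolver: 'rogue', 'ok', or 'invalid'."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    for net in ROGUE_RANGES:
        if addr.version == net.version and addr in net:
            return "rogue"
    return "ok"


def audit(resolv_conf_text):
    """Map each configured resolver to its label; empty dict = none set."""
    return {s: classify(s) for s in parse_nameservers(resolv_conf_text)}


def needs_fix(resolv_conf_text):
    """True if any resolver is on the watchlist or unparseable."""
    return any(v != "ok" for v in audit(resolv_conf_text).values())


# Constructed sample configurations (not taken from a real host).
CLEAN = "# set by DHCP\nnameserver 10.0.0.1\nnameserver 2001:db8:1::53\n"
TAMPERED = "nameserver 198.51.100.7  # static entry\nnameserver 10.0.0.1\n"

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit(text), "needs fix:", needs_fix(text))
```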
#807558 - Sun Jul 08 2012 04:59 PM Re: DNS Changer Malware [Re: mehaul]
pyonir Offline
Mainstay

Registered: Sat Apr 25 2009
Posts: 873
Loc: Minnesota USA
I actually posted about this in April. http://www.funtrivia.com/forums/ubbthrea...s_in#Post788206

#807591 - Sun Jul 08 2012 10:13 PM Re: DNS Changer Malware [Re: pyonir]
mehaul Offline
Forum Champion

Registered: Wed Feb 03 2010
Posts: 6407
Loc: Florida USA
At this time more than half the world is already in July 9, 2012. I searched but could find no time zone specific to that date for the shut down of infected/affected computers. Since a lot of this is US gov handled, I think this just passed top of the hour was


Edit: was East Coast USA, Washington DC time for the 9th of July. The break in text was an attempt at disconnect humor. Please, forgive.


Edited by mehaul (Sun Jul 08 2012 11:12 PM)
#807748 - Mon Jul 09 2012 02:06 PM Re: DNS Changer Malware [Re: mehaul]
mehaul Offline
Forum Champion

Registered: Wed Feb 03 2010
Posts: 6407
Loc: Florida USA
The DCWG changed its check site today. They are collecting data today (I guess they are calculating how big the remaining population of unfixed PCs could be). My experience today was that the weeble people green background came up by just accessing the DCWG site. Reading related articles below the top working area, it is found that the bad computers/servers will be disconnected at midnight Eastern USA Time (10 PM FT Time). That is when machines that are unfixed will no longer be able to access the internet.
#807805 - Mon Jul 09 2012 05:34 PM Re: DNS Changer Malware [Re: mehaul]
mehaul Offline
Forum Champion

Registered: Wed Feb 03 2010
Posts: 6407
Loc: Florida USA
CNN has reported impact figures already. Maybe the author and his editor let slip an EDT instead of the GMT it was supposed to be? Can we send CNs to DCWG?
The numbers reported:
200,000 off line;
40,000 in the USA alone.
Those are lower figures than expected.
It still means that many will be buying new machines when all they need do is reset their toggles.
#807807 - Mon Jul 09 2012 05:46 PM Re: DNS Changer Malware [Re: mehaul]
pyonir Offline
Mainstay

Registered: Sat Apr 25 2009
Posts: 873
Loc: Minnesota USA
They don't need to get a new machine. Kaspersky has a fix for it that has worked. Information here: http://support.kaspersky.com/faq/?qid=208283363

#807810 - Mon Jul 09 2012 06:56 PM Re: DNS Changer Malware [Re: pyonir]
mehaul Offline
Forum Champion

Registered: Wed Feb 03 2010
Posts: 6407
Loc: Florida USA
I hope you can see the humor in what you just proposed? Folks who have a PC that won't let them onto the net can find a solution at a website! And anyone who is here reading it doesn't need any fixing.

Many won't even know the cause of their problem and will just go out and buy a new one.

I went to the Kaspersky site and put DNS Changer into their search engine and got no results. Is there another code name to search for there?


Edited by mehaul (Mon Jul 09 2012 07:07 PM)
#807822 - Mon Jul 09 2012 07:44 PM Re: DNS Changer Malware [Re: mehaul]
pyonir Offline
Mainstay

Registered: Sat Apr 25 2009
Posts: 873
Loc: Minnesota USA
I linked directly to the program to use. The malware is a rootkit, and TDSSKiller cleans rootkit infections.

There is no humor there. Many, many people can connect to the internet through more than one medium (work, coffee shop, friend's house, relative, etc.) and download it to a USB device for use. If it helps one single person, it was worth posting.

#807828 - Mon Jul 09 2012 08:53 PM Re: DNS Changer Malware [Re: pyonir]
mehaul Offline
Forum Champion

Registered: Wed Feb 03 2010
Posts: 6407
Loc: Florida USA
A lot of folks won't want anyone who knows how to look at computers to look at their internet, now unfriendly, machines. The nature of the source of most infections (as reported, which I cannot attest to) was from porn site surfing. Many will now possibly want just a netbook to do their surfing since that will do the same and is only a couple hundred dollars.
I'm guessing most tech-savvy PC users checked out their machines before the deadline so those who could do a download from another machine (public library?) most likely had a clean machine to begin with. But it just may turn out the biggest hit for down machines would be those public access units! Who knows where they've been passed through with hundreds of users. Public payroll cutbacks may have in many cases let go the very people who could have risen to the challenge to protect the public property.
Wait and see. Nice discussion pyonir.
#807886 - Tue Jul 10 2012 11:03 AM Re: DNS Changer Malware [Re: mehaul]
mehaul Offline
Forum Champion

Registered: Wed Feb 03 2010
Posts: 6407
Loc: Florida USA
Here's where learning the country codes in quizzes comes in handy. This is the "Victim Count" according to DCWG I copied for the nations showing big numbers:
US - 41557
IT - 17074
DE - 15356
IN - 14713
GB - 12903
CN - 8558
FR - 7870
CA - 7289
JP - 5522
AU - 5290
MX - 4573
BR - 4394
AR - 4221
RU - 3649
PL - 3504
ES - 3286
HU - 3013
NL - 1216
_____________
Total from (it seems) the leading industrial nations about 150,000 machines needing repair or replacement. Also, we shouldn't ignore the fact that losing 800 PCs in some third world country is most devastating.

Edit: This data and more, in interesting presentations, can be found at:
http://www.dcwg.org/2012/
Which is where you're linked to from hitting "News" in the title bar on the old check up page.

Edit 2: The timetable has cleared up too. They made the switch at Sun/Mon (8th/9th) midnight EDT. It then took about twelve hours for the data to be compiled and released early in the afternoon of the 9th.


Edited by mehaul (Tue Jul 10 2012 12:09 PM)

Moderator:  flopsymopsy, ladymacb29