The I.Q.D. Team Connection

Straight Talkin Mike~~DNSChanger is not the end of the world

5/5/2012

DNSChanger is not the end of the world

By Woody Leonhard on May 2, 2012 in Top Story

DNSChanger virus spells ‘Internet Doomsday’ … The end is nigh, according to the FBI … ‘Internet doomsday’ will strike us all on July 9 …

That’s what a couple of popular websites had to say about the DNSChanger virus. What a crock!

I’ve been writing about viruses for about two decades, and I don’t think I’ve ever seen headlines that ridiculous from sources that should know better.

DNSChanger is a real piece of malware — it’s a variant of the TDSS/Alureon family of Trojans — and it was a real problem until taken down Nov. 8, 2011, in a joint FBI–Estonian police action code-named “Operation Ghost Click” (FBI site).

Since then, it seems, DNSChanger has hit headline after headline — with dire warnings. Even local TV news programs have covered it in breathless terms, as if it were the worst thing to ever infect your computer.

Lemme tell ya. It’s easy to write scary headlines such as “New Mac Trojan makes your clicking finger fall off!” (no doubt because Mac mice have only one button) or “Log on to Windows and lose your life savings!” It’s not so easy to examine the threat, digest it, translate it into terms we can all understand, and make a few simple recommendations.

That’s the goal for this column. Is it true that, as a Huffington Post U.K. headline put it, “The end is nigh, according to the FBI!”? I don’t think so.

Exactly what does DNSChanger do?

With an estimated four million infected computers — 500,000 in the U.S. alone — DNSChanger was one of the largest botnets ever disassembled. However, despite what you may have read, this botnet wasn’t designed to steal your credit-card numbers or bank-account passwords. DNSChanger rerouted your browser to websites that mostly sold little blue pills, antivirus products that didn’t work, and other scummy stuff.

The people behind DNSChanger received commissions from these fake pharmaceutical companies, rogue antivirus sites, and other unsavory cyber characters. The FBI avers that these “commissions” amounted to more than $14 million.

Typically, DNSChanger infected systems by posing as a codec needed for viewing videos streamed from adult sites. When you clicked to view these bogus videos, Windows Media Player would complain that it didn’t have the right codec. Users then downloaded the codec from the site, gave permission to install the codec, and — well, there you go.

(Given the amount of unauthorized Web surfing on business PCs, it should not be surprising that half of the Fortune 500 companies and roughly half of all U.S. government agencies now have one or more PCs infected with DNSChanger.)

As befits a TDSS/Alureon variant, the infection is a nasty one — full rootkit behavior that’s hard to detect and even harder to clean.

On Windows, the infection changes your computer’s DNS server, usually by hacking the Registry. (If you aren’t familiar with Domain Name Servers — the White Pages of the Internet — check out Susan Bradley’s April 5 Top Story.) With a subverted DNS server, you might type www.google.com into your browser — any browser — and end up at www.buyonlinepharmaceuticalsifyoudare.com. The bad guys set up several DNS servers that did exactly that.

Naturally, if you tried to go to common Web addresses that offer antivirus help, AV scans, patches, advice, or even news about DNSChanger, you were rerouted. Effectively, your browser belonged to DNSChanger.
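The Registry change described above leaves a trace in the per-interface NameServer and DhcpNameServer values under the Windows Tcpip service key. As an added example (not part of the original article), this Python audit reads collected `reg query` output and flags any resolver outside an allowlist; the sample output, the approved range and the function name are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the only resolvers this network hands out or configures.
# 192.0.2.0/28 is a documentation range standing in for real addresses.
APPROVED = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample of the text printed by:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}
    EnableDHCP    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    192.0.2.1
    NameServer    REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222}
    EnableDHCP    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    192.0.2.1
    NameServer    REG_SZ    198.51.100.7,198.51.100.8
"""

# Only the two values that hold resolver addresses are of interest.
VALUE = re.compile(r"^\s+(NameServer|DhcpNameServer)\s+REG_SZ\s*(.*)$")


def audit(reg_output, approved=APPROVED):
    """Return (interface, value name, address, reason) for each suspect resolver."""
    findings = []
    interface = None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            interface = line.rsplit("\\", 1)[-1]  # keep just the {GUID}
            continue
        match = VALUE.match(line)
        if not match:
            continue
        name, data = match.groups()
        # Windows stores several resolvers as a comma- or space-separated list.
        for token in filter(None, re.split(r"[,\s]+", data.strip())):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((interface, name, token, "unparseable"))
                continue
            if not any(addr in net for net in approved):
                findings.append((interface, name, token, "unapproved"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

An allowlist is used instead of a list of known-bad addresses because the article does not give the rogue servers' addresses, and an allowlist also catches any other unexpected resolver.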

DNSChanger meets its match on two continents

As scary as DNSChanger sounds, you no longer need fret over it — you no longer have to worry about DNSChanger changing your PC’s DNS server. The FBI and many other organizations — in the U.S. and in Estonia — took DNSChanger down. You might still get an Alureon infection, but it won’t be DNSChanger.

Although it took years, the FBI succeeded in identifying the people directly involved in the scam — six men in Estonia. The agencies also found the IP addresses of the DNSChanger servers: all were located within the U.S.

In a complex, well-coordinated action, Estonian police arrested most of the bad guys, who are now facing extradition to the U.S. To minimize Internet service disruptions to those four million infected PCs, the FBI and Internet Systems Consortium (the nonprofit company that maintains the ubiquitous DNS server software, BIND) pulled off an amazing technical feat: they quickly replaced the malicious servers with legitimate DNS servers. (Many PC users might still not know they’re infected. But at least they’re getting to their intended websites.)

Operation of the DNS server farm was given to a new organization called the DNSChanger Working Group, which consists of representatives from the computer industry and law enforcement. That left the FBI in the position of running a DNS server farm — and also left a nagging question.

The take-down aftermath, and what you can do

For those four million PCs, what’s the smarter move: leave users unaware that they’re infected and maintain the servers indefinitely, or gradually shut down the servers and cut off small numbers of users at a time?

It’s a tough choice. There’s no right or wrong answer, from my point of view. The FBI and BINDS could perhaps try to intercept a handful of webpages and put up warnings on them. But that might scare the daylights out of a lot of people and leave them with the task of changing to another DNS server on their own.

The FBI and the DNSChanger Working Group originally had court permission to keep the server farm running until March 8. As the deadline approached, people fretted that shutting off the remaining infected machines (still millions of them, at that point) would cause a lot of panic. So they sought, and received, a court extension to July 9.

Will the DNSChanger Working Group look for another extension after July 9? I think it’s highly likely that they’ll ask for — and receive — an extension. Remember, though, somebody has to pay for running the temporary server farm.

So while we wait for an Internet Armageddon that will never come (at least not from DNSChanger), here’s something you can do (and have all your friends do, as well). Go to the DNSChanger Working Group Detect site and click the link at the bottom for your language or country. (Because you’re reading this in English, you’ll most likely click through to the main DCWG test page.) When you get to the DNS Changer Check-Up page, you’ll see a large graphic — if it’s green, you’re fine; if it’s red, you’re infected.

There are lots of DNSChanger-fixing programs out there. I’ve not run across any infected machines yet; but if I do, my first choice for cleaning them would be Windows Defender Offline, which I wrote about in my Jan. 5 Top Story.

Yep, this is one of the tests even your Aunt Martha needs to take.

