
FBI Advises Internet Users To Test For DNSChanger

Discussion in 'Tech, Gadgets & Science Forum' started by BabuK, Apr 22, 2012.

  1. BabuK

    BabuK JF-Expert Member

    #1
    Apr 22, 2012
    Joined: Jul 30, 2008
    Messages: 1,841
    Likes Received: 66
    Trophy Points: 145

    The US Federal Bureau of Investigation (FBI) has issued another warning to computer owners to check their desktops and laptops for a piece of malware that could cause them to lose Internet access in a few months if the problem is not addressed.
    According to the Daily Mail, the DNSChanger malware is the result of an advertising scam launched by hackers last year, and many people still have the program on their computers without even realizing it. The FBI set up a system several months ago which used government computers to prevent disruptions for those with infected hardware, but that system is soon to be phased out.
    On Saturday, PCMag’s Damon Poeter wrote that the bureau believes that as many as half a million computers are still infected with DNSChanger, and they could lose their Internet connection by July 9 due to the shutdown of the FBI’s workaround system. They are encouraging users to visit the DCWG website and follow the onscreen instructions to determine whether or not their computers are infected, and how to remove the Trojan if it is, in fact, on their system.
    Last November, the FBI joined with other law enforcement officials to break up the hacking ring behind the Internet ad scam and the DNSChanger Trojan, according to Lolita C. Baldor of the Associated Press (AP). Poeter said that they seized approximately 100 servers in that bust, and arrested six individuals in Estonia connected with the malware.
    “We started to realize that we might have a little bit of a problem on our hands because … if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service,” Tom Grasso, an FBI supervisory special agent, told Baldor. “The average user would open up Internet Explorer and get ‘page not found’ and think the Internet is broken.”
    He added that, due to the forthcoming shutdown of the workaround program, the agency was entering “full court press” mode to try and get people to test their Windows and Mac computers, before it’s too late.
    Statistics printed by the Daily Mail say that the FBI believed that at least 568,000 unique Internet addresses were using those servers on the day of the arrest. As of now, they believe that there are still as many as 360,000 computers infected, with 85,000 of them residing in the US and more than 20,000 each in Italy, India, Germany and the UK. Most of them are believed to be home-based computers.


    Source: RedOrbit Staff & Wire Reports

     
  2. BabuK

    BabuK JF-Expert Member

    #2
    Apr 22, 2012
    Joined: Jul 30, 2008
    Messages: 1,841
    Likes Received: 66
    Trophy Points: 145
    [h=3]Checking Windows 7 for Infections[/h]
    The easiest way to check if your system is violated with DNS Changer malware is to go to one of the “are you infected sites” (see below). These sites only require someone to visit. The “are you infected site” will inform you if you are infected.
    Note: These sites only detect for DNS Changer. You might be infected with other malware. Please take appropriate precautions to protect your computer.

    [TABLE]
    [TR][TD]URL[/TD][TD]Language[/TD][TD]Maintainer[/TD][/TR]
    [TR][TD]www.dns-ok.us[/TD][TD]English[/TD][TD]DNS Changer Working Group (DCWG)[/TD][/TR]
    [TR][TD]www.dns-ok.de[/TD][TD]German[/TD][TD]Bundeskriminalamt (BKA) & Bundesamt für Sicherheit in der Informationstechnik (BSI)[/TD][/TR]
    [TR][TD]www.dns-ok.fi[/TD][TD]Finnish, Swedish, English[/TD][TD]CERT-FI is the Finnish national reporting point for computer security incidents and information security threats. CERT-FI is also responsible for maintaining the national information security situation awareness system.[/TD][/TR]
    [TR][TD]www.dns-ok.ax[/TD][TD]Swedish, Finnish, English[/TD][TD]CERT-FI is the Finnish national reporting point for computer security incidents and information security threats. CERT-FI is also responsible for maintaining the national information security situation awareness system.[/TD][/TR]
    [TR][TD]www.dns-ok.be[/TD][TD]Dutch/French[/TD][TD]CERT-BE is the primary Belgian contact point for dealing with Internet security threats and vulnerabilities affecting Belgian interests.[/TD][/TR]
    [TR][TD]www.dns-ok.fr[/TD][TD]French[/TD][TD]CERT-LEXSI is the Internet monitoring and investigation division, dedicated to protecting organizations' online assets.[/TD][/TR]
    [TR][TD]www.dns-ok.ca[/TD][TD]English/French[/TD][TD]Canadian Internet Registration Authority (CIRA) and Canadian Cyber Incident Response Centre (CCIRC)[/TD][/TR]
    [TR][TD]www.dns-ok.lu[/TD][TD]English[/TD][TD]CIRCL (Computer Incident Response Center Luxembourg) is the national Computer Security Incident Response Team (CSIRT - CERT) coordination center for the Grand-Duchy of Luxembourg[/TD][/TR]
    [TR][TD]www.dns-ok.nl[/TD][TD]Dutch[/TD][TD]SIDN (the Foundation for Internet Domain Registration in the Netherlands)[/TD][/TR]
    [TR][TD]dns-ok.gov.au[/TD][TD]English[/TD][TD]CERT Australia, Stay Smart Online, and Australian Communications and Media Authority joint page on DNSChanger Information[/TD][/TR]
    [TR][TD]dns-changer.eu[/TD][TD]German, Spanish, English[/TD][TD]ECO (Association of the German Internet Industry)[/TD][/TR]
    [/TABLE]

    [h=3]Manually Checking for DNS Changer Infections[/h]
    The following are the original manual checks to see if your computer is infected with any of the DNS Changer malware.
    To check if your Windows 7 machine is infected, first click the “Start” icon.

    This opens the Windows Menu. Click on the “Search” field at the bottom.

    Type in cmd, and hit enter.

    This opens a DOS shell. In the DOS shell, type in the command:
    ipconfig /allcompartments /all
    and hit enter. (Windows users might be used to just typing “ipconfig /all”. This also works, but might not list all the routing compartments if you have a VPN set up in Windows 7.)

    The output will be very long, since Windows 7 by default has support for IPv6. Most likely, you want to look for the IPv4 information under the section entitled “Ethernet adapter…”. Look for the “DNS Servers” line, and write down these numbers. There may be two IP addresses listed there.

    [h=3]Are Your DNS Settings OK?[/h]
    The malicious Rove viruses changed some people’s DNS settings to use computers they operated. Compare your DNS settings with the known malicious Rove DNS settings listed below:

    [TABLE]
    [TR][TD]Starting IP[/TD][TD]Ending IP[/TD][TD]CIDR[/TD][/TR]
    [TR][TD]85.255.112.0[/TD][TD]85.255.127.255[/TD][TD]85.255.112.0/20[/TD][/TR]
    [TR][TD]67.210.0.0[/TD][TD]67.210.15.255[/TD][TD]67.210.0.0/20[/TD][/TR]
    [TR][TD]93.188.160.0[/TD][TD]93.188.167.255[/TD][TD]93.188.160.0/21[/TD][/TR]
    [TR][TD]77.67.83.0[/TD][TD]77.67.83.255[/TD][TD]77.67.83.0/24[/TD][/TR]
    [TR][TD]213.109.64.0[/TD][TD]213.109.79.255[/TD][TD]213.109.64.0/20[/TD][/TR]
    [TR][TD]64.28.176.0[/TD][TD]64.28.191.255[/TD][TD]64.28.176.0/20[/TD][/TR]
    [/TABLE]

    [h=3]What if I’m infected?[/h]
    If your computer is infected, please refer to our page that lists tools to clean DNS Changer and other self help guides to clean your computer – Fix | DCWG
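
The manual comparison described in the post above can be automated. The following is an added example, not part of the original post or DCWG's own tooling: it reads `ipconfig /all` output, collects the DNS servers of every adapter (going beyond the single "Ethernet adapter" section, and including the unlabeled second-server lines) and checks them against the six CIDR ranges from the table. The sample output and the function names `dns_servers` and `rogue_dns` are constructed for illustration.

```python
import ipaddress
import re

# Rogue resolver ranges, copied from the table in the post above.
ROGUE_NETS = [ipaddress.ip_network(c) for c in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20")]

# Constructed sample of `ipconfig /all` output (not from a real host).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 85.255.113.7
                                       67.210.14.103
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : fe80::1%11
                                       8.8.8.8
"""

def dns_servers(text):
    """Yield (adapter, address) for every DNS server, including the
    unlabeled continuation lines used for second and later servers."""
    adapter, in_dns = None, False
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented = section header
            adapter, in_dns = line.rstrip(": "), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            in_dns, value = True, m.group(1)
        elif in_dns and len(line.split()) == 1:
            value = line.strip()                # continuation: a lone address
        else:
            in_dns = False                      # blank line or another label
            continue
        try:                                    # drop IPv6 zone id such as %11
            yield adapter, ipaddress.ip_address(value.split("%")[0])
        except ValueError:
            continue

def rogue_dns(text):
    """Return (adapter, address, CIDR) for servers inside a rogue range."""
    return [(a, str(ip), str(net)) for a, ip in dns_servers(text)
            for net in ROGUE_NETS if ip in net]

if __name__ == "__main__":
    print(rogue_dns(SAMPLE))
```

An empty result only means that no configured resolver falls in these six ranges; as the post notes, it says nothing about other malware.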
     
  3. dlink

    dlink Member

    #3
    Apr 22, 2012
    Joined: Nov 19, 2011
    Messages: 70
    Likes Received: 5
    Trophy Points: 15
    this shit is helpful!!
    THX babu
     