  1. iNET Interactive
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    576
    Thanks
    7
    Thanked 59 Times in 47 Posts

    DNSChanger is not the end of the world






    By Woody Leonhard

    "DNSChanger virus spells 'Internet Doomsday'"
    "The end is nigh, according to the FBI"
    "'Internet doomsday' will strike us all on July 9"
    That's what a couple of popular websites had to say about the DNSChanger virus. What a crock!

    The full text of this column is posted at WindowsSecrets.com/top-story/dnschanger-is-not-the-end-of-the-world/.

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.


  3. New Lounger
    Join Date
    Mar 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question I have to question the FBI's motives.

    I have seen several articles on the internet, including this one, that praise the FBI for the altruistic act of providing replacement DNS servers for the bogus hijacked ones run by the DNSChanger botnet.

    As an IT professional I really have no qualms about terminating service for people whose computers are infected. By not doing so and allowing the replacement servers to continue to run for months, millions of infected computers with NO antivirus protection were allowed to continue to surf the net unaware of problems and thus unprotected. What other botnets could use this as a breeding ground? Terminating their service would prompt them to seek professional help; not doing so lets compromised PCs continue to run unprotected, which is harmful to everyone.

    Since when is law enforcement obligated to provide replacement services that have been disrupted by criminals? They never have before so why are they now? By running a DNS server the FBI, like ANYONE that runs a DNS server, can track who is accessing it and what websites are being requested. (Yes boys and girls, your ISP, OpenDNS, or Google can track you!) I wonder if that is not the real goal. Why should being the unfortunate victim of a virus place your 4th amendment rights to privacy at risk? To me THAT is the real story here and no one seems to be interested in it.

  4. New Lounger
    Join Date
    May 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Woody Leonhard's article was a great relief to me. However it left one question:
    According to the doomsayers, DNSChanger not only messes with one's XP OS, but also messes with your router.
    Does dcwg.org test the latter as well as the former?

  5. New Lounger
    Join Date
    Dec 2009
    Location
    Springfield, IL, USA
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    But what about the note regarding one's ISP?

    When one does the test page, a note appears, "Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected." That seems to be the end of the line as far as information is concerned. Admittedly, I have not tried to talk to my ISP (almost always a disappointing and frustrating experience). So, what's to be done?

  6. New Lounger
    Join Date
    Dec 2009
    Location
    St. Louis, MO
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    This week Woody referenced Windows Defender Offline and Kathleen referenced MSE 4.0. Do you know if there is a direct relationship between MSE and WDO in the sense that the new MSE 4.0 implies there may be an updated WDO to grab too?

  7. New Lounger
    Join Date
    May 2012
    Location
    Co Down N.Ireland
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the info Woody,
    I'm green thankfully, even a complete novice like myself could use the links provided and check, keep up the good work,
    Cheers friend
    Nev.

  8. New Lounger
    Join Date
    Dec 2009
    Location
    Lyons, CO, USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Uh, if DNS is wrong, who verifies the Check-up site isn't a spoof?

    I'm not sophisticated enough to divine all the implications of DNS hijacking.

    But when I tried http://www.dns-ok.us/ there was no signature on the website so I wonder what the test actually proved?

  9. New Lounger
    Join Date
    May 2012
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Woody,

    TDSS is a bear indeed, but I'm not so sure about painting the infected machines (and their users) with the broad brush of video codecs from adult web sites distribution model.

    I encountered this virus at initial distribution prior to the AV makers rolling out updates for it. It was very widely distributed for at least a few months via well-disguised malicious email which appeared legitimate and appeared to be from known-good sources, e.g., faked American Airlines email with a spoofed aa.com return and header routing, to good email addresses harvested from who-knows-where, in attached .zip files where the AV software failed to scan inside the archives. Once loaded, this nasty also "called around" and invited many other nasties to the parties it was throwing on users' machines, resulting in some very difficult and lengthy cleaning operations. It was also very frightening to users who suddenly found their Windows desktops without any icons, their Start menus changed, and the browser behavior altered not only in IE, but also Chrome, and others.

    The idea of machines being infected "Typically ... by posing as a codec needed for ... adult sites" as the predominant distribution method could have some seriously ill effects on very innocent victims who did not knowingly violate any policies whatsoever, and never visited any such sites. Literally, their only "crime" was having an email address, including corporate email addresses, that got harvested from some unknown source at some unknown time.

  10. New Lounger
    Join Date
    May 2012
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts

    DNSChanger article Feedback

    The DCWG test page worked easy. Thanks for article. I checked and was OK.
    Dennis S

  11. Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,393
    Thanks
    72
    Thanked 296 Times in 270 Posts
    Quote: Originally Posted by FibleFarfer42
    The idea of machines being infected "Typically ... by posing as a codec needed for ... adult sites" as the predominant distribution method could have some seriously ill effects on very innocent victims who did not knowingly violate any policies whatsoever, and never visited any such sites.
    Yes. Who defines "Typically"?

    Although about a different trojan, this story indicates that it doesn't make sense to assume that infections only or mostly stem from attempting to access dubious sites or content:

    The Amnesty International incident is the latest reminder that users can be infected even when they visit websites they trust and frequent often. It challenges the myth that as long as people steer clear of sites offering porn, pirated movies and software, and other unsavory content, they aren't susceptible to attacks that surreptitiously install malware on their systems.
    Amnesty International malware attack: when bad things happen on good sites

    Bruce
