Take a few moments and read this.
Thanks to Naked Capitalism for including this item in today’s list of links. One of those links was to an item in today’s Washington Post from which I quote,
Thousands could lose access to the Internet on July 9 due to a virus, DNSChanger, that once infected approximately 4 million computers across the world.
The Federal Bureau of Investigation first gave details about the virus last November, when it announced the arrest of the malware’s authors. The virus, as its name indicates, affected computers’ abilities to correctly access the Internet’s DNS system — essentially, the Internet’s phone book. The virus would redirect Internet users to fake DNS servers, often sending them to fake sites or places that promoted fake products. Once the FBI shut down the operation, it built a safety net of new servers to redirect traffic from those infected with the virus.
But that safety net is going offline next Monday meaning that anyone who is still infected with the virus will lose access to the Internet unless they remove it from their machine.
The Washington Post then goes on to say,
To see if you have the virus, you can head to any number of checker Web sites such as the DNS Changer Working Group or the FBI itself to either enter your IP address or simply click a button to run a check against addresses known to have problems. With any luck, you’ll be free and clear and won’t have to worry about the problem any further.
I chose the FBI website that is here https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS as it seemed to have comprehensive instructions on what to do.
I then chose the URL for English, that is this one, http://www.dns-ok.us/, which directed me to a website that instantly confirmed a) that it was the correct website – DNS Changer Check-Up, and b) my result.
DNS Resolution = GREEN
Your computer appears to be looking up IP addresses correctly!
Had your computer been infected with DNS changer malware you would have seen a red background. Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. For additional information regarding the DNS changer malware, please visit the FBI’s website at:
http://www.fbi.gov/news/stories/2011/november/malware_110911
Seems to me to be a message worth circulating as widely as possible.
Footnote: 9th July, 06:40.
Noticed the following article on the BBC News website this morning, from which I quote:
More than 300,000 people, including many in the US and UK, could lose internet access later as the FBI shuts off servers used by cyber thieves.
The FBI seized the servers in November 2011 during raids to break up a gang of criminals who used viruses to infect more than four million victims.
Victims’ web searches were routed through the servers so they saw adverts that led to the gang being paid.
Many machines still harbour the gang’s malicious code.
Global clean up
The gang racked up more than $14m (£9m) by hijacking web searches and forcing victims to see certain adverts. They managed to do this because their servers were taking over a key web function known as domain name look-up.
Domain names are the words humans use, such as bbc.co.uk, for websites. These are converted into the numerical values that computers use by consulting domain name servers (DNS).
When a person types a name into a browser address bar, often their computer will consult a DNS server to find out where that website resides online.
The gang infected computers with malware called DNS Changer because it altered where a PC went to convert domain names to numbers.
Since the FBI raids the gang’s servers have been run by Californian company ISC. Over the last few months, the FBI has worked with many ISPs and security firms to alert victims to the fact that their PC was infected with DNS Changer. Online tools are available that let people check if they are infected.
This has meant the original population of four million infected machines has been whittled down to just over 300,000, according to statistics gathered by the DNS Changer Working Group.
The largest group of machines still harbouring the infection are in the US but many other nations, including Italy, India, the UK and Germany, have substantial numbers still checking in with the ISC servers.
These servers will be shut down on 9 July.
The result could be that some people lose net access because the PCs that are still victims of DNS Changer will suddenly have nowhere to go when they need to look up the location of a particular domain.
It might take some time for the problems to become apparent, said Sean Sullivan, a security researcher at F-Secure.
“Initially some domains will be cached which will mean web access will be spotty,” he said. “People will be confused about why some things work and some do not.”
Other security experts said it might take time for the remaining infected machines to be cleaned up.
“Reaching victims is a very hard problem, and something we have had issues with for years,” said Johannes Ullrich, a researcher with the Sans security institute.
He expected the impact to be “minimal” because many of these systems were no longer used or maintained.
If you have any doubt, do check your DNS as soon as possible.
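The check-up page's own caveat, that an ISP redirecting DNS traffic can produce a green result on an infected machine, is a reason to also look at which resolvers the computer is actually configured to use. The sketch below is an added example, not code from the FBI or the DNS Changer Working Group: it reads resolv.conf-style text and flags any nameserver inside a list of rogue ranges. The ranges shown are placeholders from documentation address space and the sample configurations are constructed; substitute the ranges published in the official notices.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation space), NOT the real rogue ranges.
# Replace with the ranges published in the FBI / DNS Changer Working Group notices.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses found in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # Drop comments ('#' or ';'), then look for "nameserver <address>".
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry: ignore rather than crash the check
    return servers

def rogue_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside a listed rogue range."""
    return [str(ip) for ip in parse_nameservers(resolv_conf_text)
            if any(ip.version == net.version and ip in net for net in rogue_ranges)]

# Constructed sample configurations (not taken from any real machine).
CLEAN = """# constructed
nameserver 203.0.113.53
nameserver 2001:db8::53
"""
INFECTED = """nameserver 192.0.2.17   # constructed
nameserver 203.0.113.53
"""

if __name__ == "__main__":
    import sys
    # Pass a path such as /etc/resolv.conf, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else INFECTED
    hits = rogue_resolvers(text)
    if hits:
        print("RED: rogue resolver(s) configured: " + ", ".join(hits))
    else:
        print("GREEN: no listed rogue resolver configured")
```

A green result here only means that none of the listed ranges appears in that file; it says nothing about resolver settings held elsewhere, for example on a home router that hands out DNS servers to the machine.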