Free Republic

DNSChanger Malware Set to Knock Thousands Off Internet on Monday
PC World ^ | July 5, 2012 | Ian Paul

Posted on 07/05/2012 9:08:55 AM PDT by yorkie

Thousands of PCs worldwide may be unable to access the Internet beginning July 9 unless those machines are rid of the pernicious DNSChanger malware that first surfaced in 2007. The Federal Bureau of Investigation helped shut down the criminal ring responsible for DNSChanger in late 2011. The federal agency then briefly handled the Internet Domain Name System routing for all infected Mac and Windows systems.

(Excerpt) Read more at pcworld.com ...


TOPICS: News/Current Events
KEYWORDS: computervirus; dns; freerepublic; malware

1 posted on 07/05/2012 9:09:06 AM PDT by yorkie
[ Post Reply | Private Reply | View Replies]

To: yorkie
"infected Mac"

What? That's impossible.

2 posted on 07/05/2012 9:11:00 AM PDT by McGruff (Support your local Republican candidates. They are our last line of defense.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yorkie
This thing smells to high heaven.

Internet providers and software designers have had 5 years to update definitions but haven't?

I don't believe it.

3 posted on 07/05/2012 9:11:00 AM PDT by BenLurkin (This is not a statement of fact. It is either opinion or satire; or both)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin

It explains why, in the article, Ben. This is really nasty. It was also reported on FOX this morning.


4 posted on 07/05/2012 9:13:23 AM PDT by yorkie
[ Post Reply | Private Reply | To 3 | View Replies]

To: BenLurkin

Well I haven’t been able to get on the internet since that y2k thing.


5 posted on 07/05/2012 9:14:05 AM PDT by Currentriverrat (People are calling our President the Fresh Prince of Bill Ayers, that's not allowed is it?)
[ Post Reply | Private Reply | To 3 | View Replies]

To: rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; stylin_geek; ...

6 posted on 07/05/2012 9:15:23 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yorkie

I went to the site to check my computer and they did not have anything for my junk Vista.


7 posted on 07/05/2012 9:16:28 AM PDT by mountainlion (I am voting for Sarah after getting screwed again by the DC Thugs.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yorkie

If this happens, and you decide you can’t clean/fix your computer but still want to get to Free Republic despite the Slavic and Gypsy hackers reading all your data, add the addresses 209.157.64.200 and 209.157.64.201 to your HOSTs file (found on Windows machines in c:\windows\system32\drivers\etc). Be sure NOT to put a .txt or other file extension on this file.

;-)


8 posted on 07/05/2012 9:17:25 AM PDT by Alas Babylon! (Who? Vote for WHO? Not Obama!!! Then WHO?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TXDuke

Ping


9 posted on 07/05/2012 9:19:27 AM PDT by call meVeronica
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin

Here is the link to click (for Malware check) from My Fox Phoenix - that was reported this morning.....

http://www.myfoxphoenix.com/story/17290699/seen-on-tv


10 posted on 07/05/2012 9:19:54 AM PDT by yorkie
[ Post Reply | Private Reply | To 3 | View Replies]

To: yorkie

I was knocked off Tuesday, but not by malware...

tornado, hail, rain and power outage is what got me..

can that be considered malware?


11 posted on 07/05/2012 9:21:48 AM PDT by joe fonebone (I am the 15%)
[ Post Reply | Private Reply | To 1 | View Replies]

To: joe fonebone

Well, it looks like you got through it (hopefully safely)


12 posted on 07/05/2012 9:23:42 AM PDT by yorkie
[ Post Reply | Private Reply | To 11 | View Replies]

To: yorkie

Incredible


13 posted on 07/05/2012 9:23:48 AM PDT by ZULU (See: http://www.youtube.com/watch_popup?v=D9vQt6IXXaM&hd)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin
"This thing smells to high heaven.

Internet providers and software designers have had 5 years to update definitions but haven't?

I don't believe it."

This malware actually redirects DNS. This isn't something that's avoidable if you're infected. It means that you're using bad DNS to get your addresses, even if it looks legit on the surface.

Most likely, unless someone got a hard copy of an anti-virus program or virus definitions, they'd never get legitimate fixes from the major AV providers.

14 posted on 07/05/2012 9:23:48 AM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: mountainlion

To manually check Vista go to command prompt (it’s in accessories) and enter exactly ipconfig /all.
Check if your DNS lists one of the bad ones.

The bad DNS’s are listed at the bottom of this page: http://www.dcwg.org/detect/checking-windows-7-for-infections/


15 posted on 07/05/2012 9:24:16 AM PDT by mrsmith (Dumb sluts: Lifeblood of the Media, Backbone of the Democrat Party!)
[ Post Reply | Private Reply | To 7 | View Replies]
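
An added example (not part of the original post) of the manual check described above: it pulls the DNS server entries out of English-language ipconfig /all output, including the indented continuation lines, and tests them against a list of address ranges. The ranges and the sample output below are constructed placeholders; substitute the list published on the DCWG page linked in the post.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), NOT the real rogue list.
# Replace them with the ranges published on the DCWG page linked in the post.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample of `ipconfig /all` output; not captured from a real machine.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : fe80::1%11
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# First DNS entry sits on the labelled line; further ones are bare indented lines.
DNS_LABEL = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
CONTINUATION = re.compile(r"^\s+([0-9A-Fa-f:.%]+)\s*$")


def dns_servers(ipconfig_text):
    """Return every DNS server address listed, including continuation lines."""
    servers, in_dns_block = [], False
    for line in ipconfig_text.splitlines():
        first = DNS_LABEL.match(line)
        more = CONTINUATION.match(line)
        if first:
            servers.append(first.group(1))
            in_dns_block = True
        elif in_dns_block and more:
            servers.append(more.group(1))
        else:
            in_dns_block = False
    return servers


def rogue_dns(ipconfig_text, ranges=ROGUE_RANGES):
    """Return the configured DNS servers that fall inside any listed range."""
    hits = []
    for raw in dns_servers(ipconfig_text):
        addr = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone id
        if any(addr.version == net.version and addr in net for net in ranges):
            hits.append(raw)
    return hits


if __name__ == "__main__":
    print("DNS servers:", dns_servers(SAMPLE_IPCONFIG))
    print("In listed ranges:", rogue_dns(SAMPLE_IPCONFIG))
```

A hit only says the adapter is pointed at an address in the list; a home router handing out the DNS setting has to be checked separately.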

To: yorkie

This virus has already hit my husband’s home and business (at our home) computers. Yesterday my iPad kept disconnecting from our wireless because of the problems my husband was having on his main computer. He knows about this virus, but has not told me what he is going to do about it.


16 posted on 07/05/2012 9:25:53 AM PDT by Linda Frances (Woe to those who call evil good and good evil, who put darkness for light and light for darkness)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin
"Internet providers and software designers have had 5 years to update definitions but haven't?"

Since they also own the companies that provide anti-virus software and "fixes" for the attacks, why should they? They create the virus then sell you a remedy. Do we really think that all that crap comes from acne blotched malcontents working in their moms' basements?

17 posted on 07/05/2012 9:28:10 AM PDT by JimRed (Excising a cancer before it kills us waters the Tree of LibertyI'm st! TERM LIMITS, NOW AND FOREVER!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: mrsmith

Bookmark


18 posted on 07/05/2012 9:30:51 AM PDT by publius911 (Formerly Publius 6961, formerly jennsdad)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Currentriverrat
"Well I haven’t been able to get on the internet since that y2k thing."

Don't worry about it. Besides FR, there are few places worth visiting. Mainly lots of freely accessible pornography.
BTW, are you logged in?

19 posted on 07/05/2012 9:32:16 AM PDT by FreedomOfExpression
[ Post Reply | Private Reply | To 5 | View Replies]

To: yorkie

Can I catch the virus if I’m not logged in? I’m pretty sure I’m not.


20 posted on 07/05/2012 9:35:17 AM PDT by Alter Kaker (Gravitation is a theory, not a fact. It should be approached with an open mind...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yorkie

bookmarked


21 posted on 07/05/2012 9:41:08 AM PDT by BlueLancer ("No friend ever served me, and no enemy ever wronged me, whom I have not repaid in full" (Sulla))
[ Post Reply | Private Reply | To 1 | View Replies]

To: Alter Kaker
"Can I catch the virus if I’m not logged in? I’m pretty sure I’m not"

Are you series?

22 posted on 07/05/2012 9:43:59 AM PDT by yorkie
[ Post Reply | Private Reply | To 20 | View Replies]

To: mrsmith

Looks good. Thanks. Ain’t Vista Great!/s...


23 posted on 07/05/2012 9:51:28 AM PDT by mountainlion (I am voting for Sarah after getting screwed again by the DC Thugs.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: yorkie; ShadowAce; SunkenCiv; Ernest_at_the_Beach; Poser

"HEY! I BEEN THROWN OUTTA BETTER PLACES THAN THIS!"

24 posted on 07/05/2012 10:00:00 AM PDT by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Currentriverrat

“Well I haven’t been able to get on the internet since that y2k thing”

Me too. But I haven’t complained because my microwave works so much better than it used to.


25 posted on 07/05/2012 10:02:34 AM PDT by Cyman
[ Post Reply | Private Reply | To 5 | View Replies]

To: yorkie

Yeah, but, taking a line from Jaws..

I think I’m gonna need a bigger generator.....

I was not as prepared as I would have liked to be, but was far more prepared than most...


26 posted on 07/05/2012 10:03:34 AM PDT by joe fonebone (I am the 15%)
[ Post Reply | Private Reply | To 12 | View Replies]

To: yorkie
Malware Set to Knock Thousands Off Internet on Monday
When it comes to anti-malware SW, there are few better than Malwarebytes Anti-Malware ... and it's free.
In fact, it just found and deleted two files on my PC that were infected with RootKit.ZeroAccess.
27 posted on 07/05/2012 10:08:33 AM PDT by oh8eleven (RVN '67-'68)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rarestia

If it redirects DNS then why wouldn’t it re-direct DNS away from the government website?


28 posted on 07/05/2012 10:12:03 AM PDT by BenLurkin (This is not a statement of fact. It is either opinion or satire; or both)
[ Post Reply | Private Reply | To 14 | View Replies]

To: yorkie
If you have a Windows XP or later, download and install the current version of Microsoft Security Essentials, patch it with the latest malware definitions, and run a full system scan. This should remove the damage that DNSChanger has done to your system and ensure you won't be knocked off on July 9, 2012.
29 posted on 07/05/2012 10:12:23 AM PDT by RayChuang88 (FairTax: America's economic cure)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yorkie
Once the FBI shut down the operation, it built a safety net of new servers to redirect traffic from those infected with the virus.

Why would they do that? Is the FBI in the business of running Internet servers?

I guess I'm slow but I don't understand why anti-virus programs were just simply updated. If the problem is that you can't update definitions on line why hasn't the fix been on sale at Best Buy for the last 5 years?

30 posted on 07/05/2012 10:16:46 AM PDT by BenLurkin (This is not a statement of fact. It is either opinion or satire; or both)
[ Post Reply | Private Reply | To 4 | View Replies]

To: BenLurkin

The men running this scam have been arrested, but many of the zombie computers are acting as DNS relays for the network they set up. No one is updating the DNS database any longer, so the new .org website isn’t in the catch list for them. As such, anyone who has this should be able to go to this website without being re-directed.

Keep in mind, DNS is not all-inclusive. Corporations, governments, even the international registers can manipulate their DNS however they want. That’s all these scammers did. Once the malware was installed, all DNS was redirected to their servers by the malware, regardless of the DNS servers specified for the adapter.

It’s important to note this transcends operating system. This could be PC, Mac, or even Linux under the right conditions.


31 posted on 07/05/2012 10:17:53 AM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 28 | View Replies]

To: joe fonebone

WOW! You sure DID have a storm! (I wasn’t aware of it!)

http://www.wxyz.com/dpp/news/region/macomb_county/macomb-and-oakland-county-suffered-the-most-damage-after-bearing-the-brunt-of-the-storms


32 posted on 07/05/2012 10:20:41 AM PDT by yorkie
[ Post Reply | Private Reply | To 26 | View Replies]

To: JimRed
MOST viruses come out of Russia and China nowadays. They're usually created to defraud individuals, re-route money from corporations, and generally bring down or infect anyone dumb enough to be running machines directly-connected to the Internet with no firewall or virus protection.

Unpatched PCs compromised in 20 minutes

You reformat your hard disk and install the OS with a direct connection to the Internet (no hardware firewall), and you're likely to be infected before you can even patch your machine. This is becoming more prevalent on PCs running Windows XP.

"Script kiddies" are those pimple-faced kids who run scripts they find on an anonymous FTP or IRC chat room. They're usually responsible for DDoS (Distributed Denial of Service), but the actual high-level, newer viruses are created by very devious, intelligent individuals.

33 posted on 07/05/2012 10:25:42 AM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 17 | View Replies]

To: yorkie

this is right where I live, I was in the middle of it.... I did not get flooded out, but by the time I got my generator running, the sump was filled right to the top... my neighbor was not so lucky... I gave him one of the outlets on my generator and he got his pumped out....

my power came back on late yesterday afternoon. but the fuses had blown out on my air conditioning. when I got into my car to go buy some, the outside temperature was 108 degrees....


34 posted on 07/05/2012 10:30:52 AM PDT by joe fonebone (I am the 15%)
[ Post Reply | Private Reply | To 32 | View Replies]

To: joe fonebone
"but the fuses had blown out on my air conditioning."

Because of low voltage initially I would suspect.

35 posted on 07/05/2012 10:41:01 AM PDT by steve86 (Acerbic by nature not nurture TM)
[ Post Reply | Private Reply | To 34 | View Replies]

To: steve86

low voltage... slow voltage... no voltage.... hell, it is so damn old that all I have to do is stare at it real hard and the fuses blow..

It is so old that it uses freon, the real stuff...

22 years old and still pumping out more cold air than any of the new ones..

when I bought it, the expert told me I needed a 2 ton unit for my house, I told him to install a 5 ton unit.

It hardly has to work to turn my house into a refrigerator..


36 posted on 07/05/2012 10:51:20 AM PDT by joe fonebone (I am the 15%)
[ Post Reply | Private Reply | To 35 | View Replies]

To: yorkie

This would have been easily fixable quite some time ago by either the ISP or FBI. At the ISP level, all they’d have to do is have a NAT in place so that any request for the known bad DNS servers would go to a DNS server that would serve whatever the ISP wanted. The ISP could then direct all traffic from infected computers to a website that tells them they are infected, and how to fix it. This isn’t rocket science folks, and could have been put in place years ago at almost no cost to the ISP. Of course, they’d actually have to give a damn about their customers.


37 posted on 07/05/2012 10:54:59 AM PDT by zeugma (Those of us who work for a living are outnumbered by those who vote for a living.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yorkie

ping....

(Or, perhaps more appropriately - nslookup....).


38 posted on 07/05/2012 10:58:13 AM PDT by Zetman
[ Post Reply | Private Reply | To 1 | View Replies]

To: stylecouncilor

What does M say about this?

007


39 posted on 07/05/2012 11:02:53 AM PDT by onedoug
[ Post Reply | Private Reply | To 1 | View Replies]

To: oh8eleven

bump for later!


40 posted on 07/05/2012 11:26:40 AM PDT by freebird5850 (Guilty but not prosecuted? Sounds like a liberal to me.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: freebird5850

This is what my ISP sent me back in May:

Users of Windows PC and Macs alike have until July 9, 2012, to check and see if they’ve been infected with malware called DNS Changer and, if so, disinfect their computers. After that, the FBI will throw a switch that prevents infected computers from accessing the Internet.

What’s going on here? It all began in 2007, when DNS Changer surfaced and infected millions of machines. (To give you some background, the DNS system is a network of servers that translates a website address into the numerical addresses that computers use.) DNS Changer reprogrammed victim computers to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to hacker-created websites, and also prevented computers from updating or using anti-virus software, leaving them vulnerable to other threats.

Last November, the FBI arrested six Estonian nationals that allegedly ran the fraud, and seized the rogue DNS servers. The FBI put up surrogate servers in place of the malicious ones, but only temporarily. After July 9, those servers will shut down, preventing infected computers from reaching the Internet since they’ll be trying to redirect through servers that no longer exist.

To find out if your computer is infected and how to address the problem, visit https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS and click on “Check Your DNS.” Also be sure to update and run your current security software. If you need assistance, please contact us for security software recommendations.

You’ll find additional information on DNS Changer at these links:
www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf
www.foxnews.com/scitech/2012/04/23/hundreds-thousands-may-lose-internet-in-july
www.usatoday.com/tech/news/story/2012-04-20/internet-woes-infected-pcs/54446044/1?csp=hf


41 posted on 07/05/2012 4:19:20 PM PDT by ncpatriot
[ Post Reply | Private Reply | To 40 | View Replies]

To: yorkie

bump


42 posted on 07/05/2012 4:22:43 PM PDT by malia
[ Post Reply | Private Reply | To 1 | View Replies]

To: mrsmith

mark’d for later,,, thanks


43 posted on 07/05/2012 4:28:04 PM PDT by piroque ("In times of universal deceit, telling the truth becomes a revolutionary act")
[ Post Reply | Private Reply | To 15 | View Replies]

To: yorkie

http://www.dcwg.org/
This is the site set up by the FBI for help.


44 posted on 07/05/2012 4:28:52 PM PDT by Liberty Valance (Keep a simple manner for a happy life :o)
[ Post Reply | Private Reply | To 1 | View Replies]

To: musicman

bookmark


45 posted on 07/05/2012 4:44:19 PM PDT by musicman (Until I see the REAL Long Form Vault BC, he's just "PRES__ENT" Obama = Without "ID")
[ Post Reply | Private Reply | To 44 | View Replies]

To: Liberty Valance

I see nothing for iOS 5.1.1 or iPad, iPhone, etc. Any word on that?


46 posted on 07/06/2012 6:14:08 AM PDT by rickyc
[ Post Reply | Private Reply | To 44 | View Replies]

To: Liberty Valance

I see nothing for iOS 5.1.1 or iPad, iPhone, etc. Any word on that?


47 posted on 07/06/2012 6:14:29 AM PDT by rickyc
[ Post Reply | Private Reply | To 44 | View Replies]

To: rickyc
"I see nothing for iOS 5.1.1 or iPad, iPhone, etc. Any word on that?"

Great catch...and good question. I'm not comfortable going to ANY site, especially government run, to check my computer out. From everything I've read, if you have a good firewall and anti-virus protection, you're probably good. Also, not doing boneheaded things like signing up for “you've won a such and such” should keep you in the clear.

Personally, I am with a lot of other folks who believe this is a load of crap with a dash of nefarious added.

48 posted on 07/07/2012 5:45:44 PM PDT by freeperkiki
[ Post Reply | Private Reply | To 47 | View Replies]
