Sunday 8 July 2012

[MUST READ] DNS MALWARE







What Does DNSChanger Do to My Computer?
DNSChanger malware causes a computer to use rogue DNS servers in one of two ways. First, it changes the computer’s DNS server settings to replace the ISP’s good DNS servers with rogue DNS servers operated by the criminals. Second, it attempts to access devices on the victim’s small office/home office (SOHO) network that run a dynamic host configuration protocol (DHCP) server (e.g. a router or home gateway). The malware attempts to access these devices using common default usernames and passwords and, if successful, changes the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals. This is a change that may impact all computers on the SOHO network, even if those computers are not infected with the malware.


On Monday morning, July 9, 2012, approximately 300,000 computers will lose Internet connectivity due to the DNSChanger malware. The DNSChanger malware, which manipulated DNS settings to replace good DNS servers with rogue servers, redirected unknowing users to webpages filled with advertisements in order to generate illegal profits. Prior to being arrested by the FBI in November of 2011, the six Estonian hackers behind DNSChanger netted over $14 million!



Why is this happening?
It started in 2007, when a group of hackers -- six Estonians and one Russian -- allegedly started masquerading as Internet advertisers who were paid by the click, according to a 2011 indictment from the U.S. Attorney General's Office in the Southern District of New York. In other words, if an ad got more clicks, they pocketed more cash.
So they figured out a way to beat the system, according to the indictment. They created a piece of malware, called DNS Changer, that tampered with the DNS -- the thing that takes a website address and finds the numerical IP address to connect you to that website -- redirecting millions of Internet users to sites they didn't search for.
For instance, if your computer was infected and you clicked a link to go to Netflix, you would wind up at "BudgetMatch," according to the FBI. The practice is called "click hijacking."

Once the FBI got around to fixing the problem in 2011, it realized it couldn't simply shut down the rogue servers because infected computers would be left without a functioning DNS, leaving them virtually Internet-less. So it set up temporary servers to give malware-infected Internet users time to fix their computers.

And time runs out on Monday, July 9.

(There isn't a planned attack this Monday that will shut down the Internet; those whose computers are already infected will lose the Band-Aid the FBI put on the problem more than a year ago.)


How can you detect if your computer has been violated and infected with DNS Changer?
An industry-wide team has developed easy “are you infected” web sites. They are a quick way to determine if you are infected with DNS Changer. Each site is designed so that any normal computer user can browse to a link, follow the instructions, and see if they might be infected. Each site has instructions in its local language on the next steps to clean up possible infections.


Check your DNS here: www.dns-ok.us
If you are not infected, it will look like this -->













If you are infected, it is red -->














Added information:
Microsoft® Windows® Malicious Software Removal Tool (KB890830): Microsoft will release an updated version of this tool on the second Tuesday of each month. This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found.
