
Malware may knock thousands off line 7-9-2012


8 replies to this topic

#1 castoffpolite


Posted 05 July 2012 - 05:59 AM

From Yahoo News

WASHINGTON (AP) — The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.

But tens of thousands of Americans may still lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.







Mod Edit: Title spelling repaired ~~ boopme

Edited by boopme, 05 July 2012 - 08:19 PM.




#2 phoenixevanidus


Posted 05 July 2012 - 09:30 AM

This story is why I came here, because I don't trust it. I swear I read the same thing several months back, but I thought the shut down was happening in a different month/had happened already.

They give a link at the end of the story to the company the FBI brought in so that everyone can scan their computer, but what I don't understand is if this is actually picked up, or not, by regular software NOT connected to the government (or, not that I know of anyway) like MBAM, SAS, my antivirus, etc.

Does anyone know more about this?

#3 Kyushu1367


Posted 05 July 2012 - 10:14 AM

To answer your question above, they are not doing a scan of the PCs themselves, so to speak; they are actually looking up which DNS servers the machines are registering to. They have a complete list of the DNS server redirects, as that is what the infected people are connecting to. They set up clean servers so that people who were infected with this DNS redirect retain the ability to get online. As a result, they simply scan for which DNS servers people are trying to connect to; if it's on the list, it will show up as red. It's a fairly low-tech way to do widespread diagnostics. As for the timing, this was changed from a February date, as the agencies did not think that the information was widespread enough among the user public to prevent a large-scale outage due to the problem. I can understand people's suspicion, but in this case it is fairly non-invasive, as they are not looking for information that your computer does not report to every website you visit to some degree or another.

#4 phoenixevanidus


Posted 05 July 2012 - 10:50 AM

Awesome. Thank you for explaining the scan :D

#5 boopme


Posted 05 July 2012 - 08:28 PM

There is a good article here
DNSChanger Malware Set to Knock Thousands Off Internet on Monday

Thousands of PCs worldwide may be unable to access the Internet beginning July 9 unless those machines are rid of the pernicious DNSChanger malware that first surfaced in 2007. The Federal Bureau of Investigation helped shut down the criminal ring responsible for DNSChanger in late 2011.


Click Here to see if you are OK

Protect Yourself From DNSChanger
How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#6 myrti


Posted 06 July 2012 - 06:14 AM

Hi,

you're completely correct in saying "wasn't there something like this just months ago?". The take-down date for the servers was originally set to be the 8th of March. At the time it was estimated that 500.000 PCs were still infected and would be knocked offline, and the FBI decided to keep the servers online for another 3 months. This time, they say, it's definite and they will take the servers online on Monday.

As they currently estimate that 250.000 PCs are still infected, I think we will have to wait and see if the FBI really does cut them off or postpones once more.

regards myrti

Edited by myrti, 06 July 2012 - 07:58 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 herg62123


Posted 06 July 2012 - 01:26 PM

Looks like PC Repair Shops like myself will be busy come Monday.

#8 bloopie


Posted 07 July 2012 - 04:31 PM

Hi all,

Correct me if I'm wrong, but:

I've read about this months ago, and honestly, I don't think it's anything we (in the community) should be worried about. The discrepancies will show up in the logs...and be fixed accordingly if there are problems.

As I remember it, this was a hosts file/security issue, correct? Can't remember now...

bloopie

#9 myrti


Posted 07 July 2012 - 04:46 PM

Hi bloopie,

the issue was a bit bigger than that. It actually replaced the DNS servers both on the machine, and if it could, on the router with malicious ones that would redirect you to ad-sites.

The FBI seized the servers a while ago and has been offering "normal" DNS servers as a stand-in since then. Now they will turn off those new DNS servers; that means that starting tomorrow anyone who is still infected, or has some leftover of the infection on his machine, will no longer be able to resolve any given web address. Only numerical IPs will work.
Add to this that, if the router was infected, all devices on the network will be knocked offline and unreachable; this may cause quite a stir. However, since they likely won't be able to get online (except through their 3G phone maybe), this is not something we need to prepare for especially.

We should be aware of this, as it can save you a lot of troubleshooting on a "broken internet connection", and we will likely get some panicky users telling us their internet is kaput. If the leftovers are only in the routers, this will not show in the logs either. So some logical deduction may be necessary to reach the conclusion that the router is infected. :wink: However, this is not an infection that is new, and we know very well how to remove and fix it if they come to us for help.

regards myrti

Edited by myrti, 07 July 2012 - 04:47 PM.
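
Added example, not part of the original thread and not the checker site's code: the resolver-against-list comparison described in post #3, plus the PC-versus-router deduction from post #9, sketched in Python. The ranges are RFC 5737 placeholders rather than the real rogue server list, and `dns_servers`, `is_rogue`, `diagnose` and the sample `ipconfig /all` output are constructed for illustration.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation blocks), NOT the real rogue
# DNSChanger ranges; substitute the published list before real use.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of `ipconfig /all` output (trimmed).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return every address listed under 'DNS Servers', including the
    indented continuation lines ipconfig uses for additional servers."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9a-fA-F:.%]+", line):
            servers.append(line.strip())
        else:
            in_dns = False
    return servers

def is_rogue(addr):
    """True if addr parses as an IP inside one of the listed ranges."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return False
    return any(ip in net for net in ROGUE_RANGES)  # v4/v6 mismatch is False

def diagnose(host_resolvers, router_resolvers):
    """Say where the rogue setting lives: on the PC, on the router, or both."""
    host = [a for a in host_resolvers if is_rogue(a)]
    router = [a for a in router_resolvers if is_rogue(a)]
    where = {(True, True): "both", (True, False): "host",
             (False, True): "router", (False, False): "clean"}
    return where[(bool(host), bool(router))], host, router
```

The router's resolver list has to be read from the router's own admin page; a PC that simply points at the router (here `10.0.0.1`) looks clean in its own logs even when the router forwards to a rogue server.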
