July 9 could be 'Internet doomsday' for some (so check your PC or Mac)
July 9 might be "Internet doomsday" for PC and Mac users who haven't taken steps to make sure their systems are not infected with what's being called DNSChanger malware.
That's right: Your Internet connection may not work that day because the safety net now in place from the FBI against the malware will be removed then, and if your computer is infected, you won't be able to get to the Internet.
Let's back up a minute to give you some quick background. Last fall, the FBI arrested six Estonian nationals who were charged with using malware and rogue DNS servers to hijack millions of computers worldwide.
At that time, Trend Micro's Feike Hacquebord called it the "biggest cybercriminal takedown in history." The company was one of several that worked with the FBI on the takedown, and described the scheme:
A variety of methods of monetizing the DNSChanger botnet [are] being used by criminals, including replacing advertisements on websites that are loaded by victims, hijacking of search results and pushing additional malware.
Because the malware is so nasty — it's strong enough to wipe out a computer's anti-virus software — the FBI set up a safety net using government computers to prevent any Internet disruptions for users whose computers may be infected.
That safety net was set to go away in February, but the date has been extended to July 9 because the agency is concerned that not enough users are aware of the problem.
Says the FBI:
To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time.
So, what do you need to do? Make sure your computer is clean. You can do that by first visiting this FBI-backed website, DNS-OK, which will tell you whether your computer is infected with DNSChanger malware.
The FBI says that if you see green, that's good. Red means you're infected. Still, the bureau notes, some systems that appear to be clean may appear that way because of their service provider: "If your ISP is redirecting DNS traffic for its customers, you would have reached this site even though you are infected."
So the next step, definitely if you're "red," but even a good idea if you're "green," is to go to this site, run by the DNS Changer Working Group. The DNS Changer Working Group will detect whether your computer has been "violated," and if so, will point you to the right fix for your computer.
The sooner you do this, the better. You don't want to wait until July 9 to chance an "Internet doomsday" happening.
What is the DNS Changer Malware?
On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital”, and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses. You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release.
What does the DNS Changer Malware do?
The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet.
Under a court order, expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network. This will allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines.
How Can I Protect Myself?
This page describes how you can determine if you are infected, and how you can clean infected machines. To check if you’re infected, Click Here. If you believe you are infected, here are instructions on how to clean your computer.