On March 8th, 2012 the Internet could be blocked by Fbi for million of users just because of a malware that has corrupted computers half of Fortune 500 companies and government agencies.
This malware, called DNSChanger, is said to illegally redirect traffic to unintended and illegal sites and prevent users from accessing the updates necessary to remove it.Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNSChanger Trojan. Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone.
The US Federal Bureau of Investigation later stepped up by replacing the rogue Trojan with servers of their own in an attempt to remediate the damage, but the fix was only temporary. Now the FBI is expected to end use of those replacement servers as early as next month and, at that point, the Internet for millions could essentially be over.
When functioning as its creators intended, the DNSChanger Trojan infected computers and redirected users hoping to surf to certain websites to malicious ones. Traditionally, DNS, or Domain Name System, servers translate alphabetical, traditional website URLs to their actual, numeric counterpart in order to guide users across the World Wide Web. Once infected by the DNSChanger Trojan, however, websites entered into Internet browsers were hijacked to malicious servers and, in turn, directed the user to an unintended, fraudulent site.
The temporary servers set up by the FBI were created to allow companies to remove the worm from their infected servers; those affected had 120 days to get rid of the malware.
What Does DNSChanger Do to My Computer:-
DNSChanger malware causes a computer to use rogue DNS servers in one of two ways. First, it changes the computer’s DNS server settings to replace the ISP’s good DNS servers with rogue DNS servers operated by the criminal. Second, it attempts to access devices on the victim’s small office/home office (SOHO) network that run a dynamic host configuration protocol (DHCP) server (eg. a router or home gateway).
The malware attempts to access these devices using common default usernames and passwords and, if successful, changes the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals. This is a change that may impact all computers on the SOHO network, even if those computers are not infected with the malware.
How Do I Check My Computer is Infected from DNSChanger Malware or Not:-
To determine if a computer is using rogue DNS servers, it is necessary to check the DNS server settings on the computer. So compare your DNS Server with the below Rogue DNS Servers:-
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.25
What Should I Do?
In addition to directing your computer to utilize rogue DNS servers, the DNSChanger malware may have prevented your computer from obtaining operating system and anti-malware updates, both critical to protecting your computer from online threats. This behavior increases the likelihood of your computer being infected by additional malware. The criminals who conspired to infect computers with this malware utilized various methods to spread the infections. At this time, there is no single patch or fix that can be downloaded and installed to remove this malware. Individuals who believe their computer may be infected should consult a computer professional.
Individuals who do not have a recent back-up of their important documents, photos, music, and other files should complete a back-up before attempting to clean the malware or utilize the restore procedures that may have been packaged with your computer.
[Fbi]
No comments:
Post a Comment