Jun 6, 2012

DNS Changer Check-Up

DNS Resolution = GREEN 

Your computer appears to be looking up IP addresses correctly!

Had your computer been infected with DNS changer malware you would have seen a red background.  Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. For additional information regarding the DNS changer malware, please visit the FBI's website at:
http://www.fbi.gov/news/stories/2011/november/malware_110911

THIS AFFECTS BOTH MACS AND PCS!!!!!!
If you have the DNS Changer Trojan, then on July 9th 2012 your computer will not be able to access the internet. In this video I give more details, and show you how to check for it. 

URL to check: http://www.dns-ok.us/
-If you get green background you don't have it :D
-Red means that you might :(
Fix: Download the Program by Avira

http://www.dns-ok.us/

Blackout looming: Thousands to lose Internet access as FBI shuts down servers

July 5, 2012

On July 9, thousands of Internet users worldwide could lose access after the FBI shuts down temporary DNS servers that replaced fraudulent servers operated by hackers.

Major companies and US government agencies are amongst those that could be blocked out, according to the Internet security firm IID.

The blackout will affect systems infected with the DNSChanger Trojan, a malware program that altered user searches and redirected them to pages offering fraudulent and, in some cases, dangerous products.

Last November the FBI arrested and charged six Estonian men behind the malware as part of Operation Ghost Click. These hackers were able to make a fortune off their project, raking in millions for ads placed on their fraudulent websites. 

On the eve of the arrests, the FBI hired Paul Vixie, chairman of the Internet Systems Consortium (ISC) to install two temporary Internet servers that would prevent infected users from losing access to the Internet once the DNSChanger botnet was shut down. These users were advised to take steps to get rid of the malware on their computers, and the DNSChanger Working Group was set up by the computer industry and law enforcement to come up with a plan to phase out the surrogate servers.  

The FBI was initially planning to shut down their provisional servers in March, but a US district court ruled the provisional servers were to remain operation until July 9. 

Running the temporary servers for eight months has cost the FBI $87,000.     

With the looming deadline approaching, estimates suggest up to 360,000 unique Internet addresses are still using the rogue servers, with most of them based in the US, according to federal authorities. Other countries with over 20,000 each include Italy, Canada, India, the United Kingdom and Germany. This is down from the over half a million addresses registered when the six hackers were arrested, but still enough to paralyze the functioning of important websites. At its peak several years ago, up to six million systems worldwide were infected with the malware.

The DNS system is a network of servers that translates a web address into a numerical IP address used by computers. Computers affected by the DNSChanger worm were reprogrammed to access rogue DNS servers that redirected them to fraudulent websites.

http://www.rt.com/news/fbi-internet-dnschanger-shutdown-440/print/

Operation Ghost Click
International Cyber Ring That Infected Millions of Computers Dismantled

11/09/11

Six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised—or that the malicious software rendered their machines vulnerable to a host of other viruses.

Details of the two-year FBI investigation called Operation Ghost Click were announced today in New York when a federal indictment was unsealed. Officials also described their efforts to make sure infected users’ Internet access would not be disrupted as a result of the operation.

The indictment, said Janice Fedarcyk, assistant director in charge of our New York office, “describes an intricate international conspiracy conceived and carried out by sophisticated criminals.” She added, “The harm inflicted by the defendants was not merely a matter of reaping illegitimate income.”

Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.

“They were organized and operating as a traditional business but profiting illegally as the result of the malware,” said one of our cyber agents who worked the case. “There was a level of complexity here that we haven’t seen before.”

DNS—Domain Name System—is a critical Internet service that converts user-friendly domain names, such as www.fbi.gov, into numerical addresses that allow computers to talk to each other. Without DNS and the DNS servers operated by Internet service providers, computer users would not be able to browse websites or send e-mail.

DNSChanger was used to redirect unsuspecting users to rogue servers controlled by the cyber thieves, allowing them to manipulate users’ web activity. When users of infected computers clicked on the link for the official website of iTunes, for example, they were instead taken to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software. Not only did the cyber thieves make money from these schemes, they deprived legitimate website operators and advertisers of substantial revenue.

The six cyber criminals were taken into custody yesterday in Estonia by local authorities, and the U.S. will seek to extradite them. In conjunction with the arrests, U.S. authorities seized computers and rogue DNS servers at various locations. As part of a federal court order, the rogue DNS servers have been replaced with legitimate servers in the hopes that users who were infected will not have their Internet access disrupted.

It is important to note that the replacement servers will not remove the DNSChanger malware—or other viruses it may have facilitated—from infected computers. Users who believe their computers may be infected should contact a computer professional. They can also find additional information in the links on this page, including how to register as a victim of the DNSChanger malware. And the FBI’s Office for Victim Assistance will provide case updates periodically at 877-236-8947.

http://www.fbi.gov/news/stories/2011/november/malware_110911