FBI will shutdown the Internet on March 8 as 'Operation: Ghost Click'

Discussion in 'Americas' started by JAYRAM, Mar 7, 2012.

  1. JAYRAM

    JAYRAM 2 STRIKE CORPS Senior Member

    Joined:
    Mar 8, 2011
    Messages:
    3,274
    Likes Received:
    313
    Location:
    North Frontier, The Mighty Himalaya's

    The Internet could go dark for millions of users as early as March 8 because of a virus that has corrupted computers in more than 100 countries. Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNSChanger Trojan. Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone.

    The primary impact of this infection is that it caused web surfers to be sent to fraudulent websites by changing what is called the DNS settings on compromised computers. The Domain Name System (DNS) is the backbone of the Internet's address scheme and DNS servers are special computers around the world that act as Internet traffic cops providing directions to websites that you wish to visit.

    Though the FBI has shut down the DNSChanger network and put up surrogate servers, they warned the solution was only temporary - and the court-ordered deadline is March 8. When the FBI pinched this group, if they had shut down the rogue DNS servers, everyone that was infected would have instantly been cut off from the Internet so the FBI chose a different strategy. They decided to get a court order allowing them to replace the rogue DNS servers with legitimate stand-ins so that all the infected computers wouldn't get cut off without warning, giving them time to get the word out.

    Both Windows and MacOS users are at risk for this infection because it exploits your browser, not your operating system. If you are somewhat technical, you can do a self-check of your computer to make sure you're not infected by comparing your computer's DNS setting to the list of rogue DNS servers:

    85.255.112.0 through 85.255.127.255

    67.210.0.0 through 67.210.15.255

    93.188.160.0 through 93.188.167.255

    77.67.83.0 through 77.67.83.255

    213.109.64.0 through 213.109.79.255

    64.28.176.0 through 64.28.191.25


    The FBI has published a pretty decent guide to performing the self-check here. If you are infected by the DNSChanger Trojan, the FBI reminds us that this malware also disables security updates which could have further exposed you to other malware.

    FBI will shutdown the Internet on March 8 | The Hacker News
    (THN)


    Related news:

    Internet to be shutdown by FBI on 8th March 2012 | HackRead.com
     
    Last edited: Mar 7, 2012
  3. nrj

    nrj Stars and Ambassadors Stars and Ambassadors

    Joined:
    Nov 16, 2009
    Messages:
    9,252
    Likes Received:
    3,347
    Location:
    Brussels
    Fake.....................
     
  4. JAYRAM

    Avoid Internet Doomsday: Check for DNSChanger Malware Now

    By Fahmida Y. Rashid
    March 7, 2012 12:00am EST

    A federal judge has given users infected with DNSChanger a four-month extension to get clean.

    The FBI-controlled DNS servers that replaced the malicious servers will not shut down on March 8 as previously announced. But nearly half a million computers are still at risk for losing Internet connectivity when the new deadline rolls around in July.

    Back in November, law enforcement authorities working with the Federal Bureau of Investigation arrested six of the seven individuals in Estonia responsible for infecting millions of Windows and Mac machines worldwide with the DNSChanger Trojan. As part of the "Operation Ghost Click" raid, FBI agents also seized over 100 servers at data centers throughout the United States masquerading as legitimate DNS servers.

    The DNSChanger malware replaced the Domain Name System settings for the computers and routers it infected with addresses of malicious servers. When users tried to access certain websites, the rogue DNS servers redirected the Web traffic through other servers controlled by the criminals. Those criminals pocketed millions of dollars in affiliate and referral fees by diverting users through those sites, according to the FBI.

    Users who found themselves landing on strange sites unexpectedly, or had home computers that had difficulty connecting to their work VPNs were likely to be infected.

    Interim Measures

    Since machines with modified DNS settings would be unable to access the Internet once the rogue servers went dark, the FBI obtained a court order that allowed the non-profit Internet Systems Consortium to set up alternate DNS servers to temporarily replace the malicious servers. These servers were intended to give people time to clean up the infection. The court order was originally set to expire March 8, but prosecutors filed for an extension with the U.S. Court in the Southern District of New York because a significant number of computers still remained infected.

    In early February, Internet Identity estimated about 400,000 computers in the U.S. of the initial million were still infected. At least 94 of all Fortune 500 companies and three out of 55 major government entities had at least one computer or router that was infected with DNSChanger as of Feb. 23, according to IID. Updated numbers are currently unavailable.

    The new deadline for getting cleaned up and averting the Internet blackout is now July 9. Users should immediately check their computers if they haven't already done so.

    How to Save Your Connection

    While the DNS Changer Working Group - Checking for DNS Changer Malware has provided step-by-step instructions for Windows XP, Mac OS X, and Windows 7 machines to check for an infection, a number of services and tools have popped up to make detection a fairly straightforward process.

    The DNSChanger Eye Chart - DNS Changer Eyechart - Clean is one such tool. If the user on an infected computer goes to the site, the image on the page is displayed with a red background. If the machine is clean, the image has a green background. The eye chart will also show a red image if the home router is infected, even if the computer itself is clean.

    Avira released a free tool for Windows systems that detects whether the computer is configured to use one of the temporary DNS servers. Despite the name, however, the Avira DNS Repair Tool - Knowledgebase for Home is just a diagnostic tool and won't be able to remove the Trojan if it exists.

    The FBI also has a lookup form on its website. The user can type in the IP address of the DNS server configured on the machine to find out if it is one of the malicious ones identified by law enforcement authorities.

    Removing DNSChanger

    Once the infection has been found, the next step is to remove it. Because DNSChanger is a rootkit, removing it is not as simple as running an antivirus. One option is to reinstall the operating system and start over from scratch. Kaspersky Lab offers TDSSKiller, a rootkit removal tool, which can also detect DNSChanger and remove it from infected systems.

    Some ISPs, such as Comcast, are offering $100+ services to remove the infection for their customers. Concerned users should reach out to their ISPs for similar services.

    The government does not expect average users to clean up their systems, however.

    "Users who believe their computers may be infected should contact a computer professional," to remove the Trojan, the FBI recommended in its working paper. If you discover that your system is among the nearly half a million infected systems and doubt your own ability to clean it up, DCWG has links to organizations that can help with DNSChanger removal on its website - Cleaning up DNS Changer Malware

    FBI Site:
    https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

    FBI — International Cyber Ring That Infected Millions of Computers Dismantled



    Related news:


    DNSChanger Affects Fortune 500 and Government
    Will Your Browser Go Dark on March 8?
     
    Last edited: Mar 7, 2012
  5. JAYRAM

    An Update on DNSChanger and Rogue DNS Servers

    Tuesday, March 6, 2012 at 10:48am by Jim Walter

    In late 2011, the FBI released documents and data focusing on “Operation Ghost Click”. This malicious operation, leveraging a variety of DNSChanger-type malware, was defined as an “International Cyber Ring That Infected Millions of Computers.”

    Associated malware samples and events can be traced back several years, and multiple platforms were targeted, and to this day remain affected/infected and are still open to compromise.

    The amount of helpful data around this issue is plentiful. Even the FBI has provided a tool to check to see if your host/IP is affected.

    https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

    So, fast-forward to the present day. . . .

    Within McAfee Labs we have been flooded with queries (<— intentional DNS pun) on what is to be done on March 8th, and what other impacts might ripple through their environment as the FBI takes the next steps towards conclusion of Operation Ghost Click.

    The Good News!

    On March 5th, a US District Court (New York) signed an order to extend the March 8th deadline to July 9th.

    This extension will allow for all affected entities to continue to track down and remediate against hosts which are still compromised. Current data indicates that there are still several million infected/affected hosts world-wide dealing with this issue.

    Also, as a handy reminder, the offensive Netblocks are well documented:

    67.210.0.0 through 67.210.15.255
    93.188.160.0 through 93.188.167.255
    77.67.83.0 through 77.67.83.255
    213.109.64.0 through 213.109.79.255
    64.28.176.0 through 64.28.191.255

    To learn more about how to maintain your online connection and to protect against this malware family, read our new Threat Advisory.

    https://kc.mcafee.com/corporate/index?page=content&id=PD23652

    For McAfee Customers – Detection for associated malware is provided under the DNSChanger Trojan family.

    Example - DNSChanger.f - Malware - McAfee Labs Threat Center

    An Update on DNSChanger and Rogue DNS Servers | Blog Central
     
  6. JAYRAM

    DNSChanger: FBI’s Internet Blackout Postponed to July 9, 2012

    Tuesday, March 06, 2012



    Many people are asking me for updates on the case DNSChanger which caused many network users to hold their breath.

    During the last several months, news was circulating about the planned blackout of the Internet for potentially millions of users on March 8, as had been scheduled by the FBI.

    To counter the threat, the FBI had initially planned to shutdown several DNS on March 8, with the undesirable side effect of blocking millions of still infected users from the Internet.

    The action must be taken in order to stop the spread of the DNSChanger Trojan, malware that has infected millions of computers all over the world in more than 100 countries. The story begins last year in Estonia where a group of persons accused of having developed the dreaded trojan that seems to be able to spread with surprising ease were arrested.

    Under a court order, which expires March 8, the Internet Systems Corporation has been operating replacement DNS (domain name servers) for the DNSChanger botnet. This was done to allow affected networks time to identify infected hosts, and avoid a sudden disruption of services to victims.

    Last week a federal judge postponed that order for the blackout of the surrogate servers for 120 days to give companies, businesses and governments more time to mitigate the threat.

    A copy of the court order extending the deadline until July 9, 2012 is available here.

    What does the DNSChanger Malware do?


    The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS servers from data centers in Estonia, New York, and Chicago. The malicious DNS servers would return malicious responses, altering user searches, and promoting fake and dangerous products.

    Because every web search starts with DNS, the malware showed users an altered version of the Internet. Once it was discovered by the FBI, to allow businesses and private individuals affected by DNSChanger time to cleanse infected systems, they replaced the Trojan’s infrastructure with surrogate DNS servers.

    By replacing the command-and-control (C&C) servers, the feds have prevented the worm from further propagation. The FBI took over the botnet’s C&C servers in November as part of Operation Ghost Click - Operazione Ghost Click - Trend Micro Italia


    DNSChanger is able to change the DNS settings inside the infected system and thus hijack web traffic to unwanted and infected sites.

    Despite the efforts by the press and the major law enforcement, the situation is far from reassuring, because too many PCs are infected and potentially impacted by the planned blackout.

    More than 3 million PCs worldwide are still infected with DNSChanger, and that is the main reason authorities decided to extend the period before the planned shutdown of the surrogate servers.

    A special task force to provide support for private companies was established to provide the necessary instructions for the removal of malware, and can be accessed at the site DCWG.org

    DNSChanger: FBI’s Internet Blackout Postponed

    Related news:

    www.inforats.com/dns-changer-deadline-extended/

    http://news.softpedia.com/news/Internet-Shutdown-Postponed-by-Court-to-July-9-2012-257202.shtml

    http://www.computerworld.com/s/arti...e_as_malware_cleanup_progresses?taxonomyId=82
     
    Last edited: Mar 7, 2012
  7. JAYRAM

    its true.. our dfi is so late to hear it.......
     
  8. JAYRAM

    Computers infected with DNSChanger get a reprieve from internet cut off

    By Ryan Heise on March 7, 2012 06:12 am


    The US government has secured an extension to keep computers infected with the DNSChanger malware connected to the internet until July 9th. The move prolongs the original date of March 8th set by the Southern District of New York court, which would have seen the remaining infected systems be cut off from the web. Systems infected with DNSChanger — which were originally reported to number about four million worldwide, including systems at half of all Fortune 500 companies and US federal agencies [http://www.theverge.com/2012/2/17/2806752/dnschanger-malware-fortune-500-federal-agencies] — currently access the internet through temporary DNS servers that replaced the rogue servers seized by the FBI. While the instances of DNSChanger appear to have dropped significantly, the original 120 days to clean out the malware apparently wasn't enough.

    Over the last month, the temporary servers routed an average of 430,000 infected IP addresses according to the government request for extension. Security firm Internet Identity also found that at least 94 Fortune 500s and three major government agencies are still infected with DNSChanger. The remaining infected systems will now have an additional four months to get rid of the malware before having their DNS pulled.

    It's estimated that DNSChanger generated close to $14 million in illicit advertising money via click hijacking and replacing online ads. The six individuals who were allegedly responsible for releasing the malware have been cleared for extradition by an Estonian court to face trial in the US [balticbusinessnews.com].

    Computers infected with DNSChanger get a reprieve from internet cut off | The Verge
     
  9. JAYRAM

    Planned US Internet Blackout On March 8 Raises Concerns


    February 11, 2012


    By: Sorcha Faal, and as reported to her Western Subscribers
    According to this report, The Federal Bureau of Investigation (FBI) will unplug on 8 March the Domain Name System (DNS) servers it set up to replace rogue DNS servers that sent victims to malicious sites.

    A report on Infoworld - [Security slackers risk Internet blackout on March 8 | Anti virus - InfoWorld] said the removal of this temporary fix may affect “a substantial number” of users, as half of Fortune 500 companies and US government agencies are infected with the malware - [Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan — Krebs on Security], not to mention tens-of-millions of privately owned American computers. A disturbing Ministry of Trade report circulating in the Kremlin today is raising serious concerns over the United States plan to shut down significant parts of the Internet on 8 March in a move many Russian experts warn could be a prelude to massive attacks against the growing number of dissidents in that country.

    The rogue DNS servers replaced by the FBI were seized this past November in Estonia following a two-year operation called “Ghost Click” where six Estonians working for Rove Digital were taken into custody by Estonian authorities in what is called the biggest cyber criminal takedown in history - [Operation Ghost Click, the Biggest Cyber-Bust Ever, Shuts Down Estonian Bot Ring | Popular Science] and the US is now hoping to extradite them; a Russian suspect said remains at large.

    Those captured by the FBI and Estonian authorities used DNS Changer malware to redirect unsuspecting users to rogue servers that allowed them to manipulate users’ web activity. When users clicked on the link for the official iTunes website, for example, they were instead taken to a completely different website that purported to sell Apple software. These criminals, reports the FBI, are believed to have made at least $14 million from the scam.

    Federal Security Services (FSB) addendums to this report note that even though FBI and Estonia authorities took claim for this cyber bust it was, in fact, Russian officials who supplied the critical information needed for bringing down this criminal ring after extracting a detailed confession from Russian Internet businessman Pavel Vrublevsky, and self-confessed MOSSAD agent, in late October, 2011, prior to his sentencing in a Moscow Court.

    Vrublevsky was knowledgeable about the Estonian operation through his association with Rove Digital founder Vladimir Tsastsin who was a major investor in his company ChronoPay, a major Russian payment processing firm.

    Upon forwarding their information to FBI and Estonian authorities about Rove Digital’s rogue servers, the FSB says in this report, Russian computer security experts sought to reverse the damage done to millions of computers around the world by manipulating the malware used which would have, in essence, neutralized the threat, but were overruled by the Americans who, instead, seized the servers a few days later and appropriated the malware for their “own uses.”

    To why the US would not apply a rapid fix to the millions of computers affected by this malware as suggested by Russian experts, and, instead, replace the rogue servers with their own, and then turn around on 8 March and disconnect them all has left many in the Kremlin puzzled and concerned.

    The greatest concern, this report says, is the “high potential” for the US to further infect computers without anyone realizing what they are doing so that on 8 March millions of Americans would discover they no longer had access to the Internet, and would not know why.

    To effectively engineer an Internet blackout, while at the same time holding themselves blameless, the Ministry says, could be linked to any number of dissident suppression moves known to be being planned by the US which as of 9 February had already jailed at least 6,509 people protesting against the Obama regime.

    Massive military movements within the United States, as we had previously reported on - [Massive US Troop Movements In California Raise Russian Concerns], are, also, continuing unabated as new reports - [Breitbart] this week detail US Marine assault exercises being carried out on their East Coast regions, a move made even more suspect after it was discovered that a sniper unit of this elite military force has begun using as its logo the dreaded Nazi SS symbol [U.S. News - Defense Secretary Panetta orders new look into Marines' flag bearing Nazi SS logo]

    Equally concerning about the Americans planned 8 March Internet blackout is its coming two days after what is called Super Tuesday elections (6 March) for the Republican Party challenger to President Obama for the Presidency which would allow for massive voter manipulation by US authorities to “pick” who wins this most crucial race.

    Important to note about this particular scenario, and as we had previously reported on in our 18 January report “Kissinger vows to China: “Jeb Bush Will Be Next President,” - [Kissinger vows to China: “Jeb Bush Will Be Next President”] it was more than interesting to read this new US report that, in part, says:

    “Al Cardenas, head of the American Conservative Union, has said that Republican turmoil might lead to a brokered convention in which Jeb Bush, former Florida governor, would emerge as a “possible alternative” party nominee. Mr. Cardenas, who is running this year’s Conservative Political Action Conference (CPAC), a gathering in Washington of some 10,000 conservatives, told MailOnline that it was not certain that one of the four current Republican candidates would emerge victorious.”- Top Republican at CPAC: Jeb Bush could emerge as nominee at a brokered convention - Mail Online - Toby Harnden's blog

    To what the final outcome of this planned 8 March shutdown of the Internet will be it is not in our knowing, other than to note that those who haven’t applied a “FIX” - [Checking for DNS Changer Malware] to their own computer systems yet should do so as soon as possible lest they find themselves blind.

    February 11, 2012 © EU and US all rights reserved. Permission to use this report in its entirety is granted under the condition it is linked back to its original source at WhatDoesItMean.Com. Freebase content licensed under CC-BY and GFDL.

    February 11, 2012 Planned US Internet Blackout On March 8 Raises Concerns «
     
  11. JAYRAM


    No internet starting March 8 ?? Not really!!


    Wednesday, February 22. 2012
    Posted by Shrinivas

    There is news going around that there will be a complete blockage of the internet from 8 March. Well, this is not the complete and true story.

    Only the users who are affected by the DNS changer Trojan will be facing the Internet blockage, and not all the users.

    In order to clear some air regarding this, below is a brief description of the working of one of the DNS changer Trojans.

    After execution of the sample, it simply changes the default DNS present on the system to some rogue DNS server and deletes the copies of itself.

    So whenever the user accesses any site, suppose 'Google.co.in', the request is sent to the rogue DNS server, which uses the query to display relevant ads to the query. This is also used to stop the antivirus from getting updates.

    The FBI in November found one such rogue DNS network. Taking down these systems at that time could have resulted in complete stoppage of internet for those users having the rogue DNS.

    The FBI replaced the rogue DNS servers with legitimate ones -- a measure the agency said to be in effect for 120 days [i.e. till 8 March]. This is done so as to give some time to the infected users to clean up the system.

    To verify whether you are infected by the DNS Changer Trojan, do check your DNS server IP [Run -> Cmd -> ipconfig /all], and if the DNS server's IP falls within these ranges, then it is possible that your system is infected with the DNS Changer Trojan.


    [​IMG]

    We kindly request all the users not to trust such news completely.

    Quick Heal detects this Trojan as Trojan.DnsChanger.Gen

    No internet starting March 8 ?? Not really!! - Quick Heal Weblog
     
  12. JAYRAM

    Operation Ghost Click DNS servers to shut down in March

    by Topher Kessler January 23, 2012 1:44 PM PST

    The DNSChanger malware servers that were converted by the FBI's Operation Ghost Click - [FBI tackles DNSChanger malware scam | MacFixIt - CNET Reviews] to function legitimately will be shut down in March, possibly leaving some systems unable to access the Internet.

    One of the more widespread malware efforts over the past few years was the DNSChanger scam, which installed a Trojan horse that would change the DNS server settings on affected computers to divert traffic to rogue servers.

    The DNS system is essentially the Internet's phone book that allows your computer to resolve a URL to the IP address of the server that hosts its contents. By changing a computer so that it uses a rogue DNS server, the DNSChanger malware was thus able to redirect valid URLs (such as those for banking institutions) to malicious Web sites in order to steal personal information.

    This malware effort was cross-platform, and was suspected to have affected millions of PC and Mac systems worldwide, over half a million of them being in the U.S. Overall it raked in millions of dollars for the thieves behind it, until last November when the FBI in cooperation with several foreign governments carried out Operation Ghost Click, arresting several alleged perpetrators and officially ending the scam.

    Because numerous PC systems were found with altered DNS settings that pointed to the rogue DNS servers, authorities responsible for Operation Ghost Click decided to leave the rogue DNS network intact and just convert it to run as a legitimate DNS system. As a result, any PC still infected with the DNSChanger malware would start resolving URLs properly again.

    This fix made the situation easy for computer users with the malware installed, since their systems would now work properly. However, this will soon change. Earlier this month, the German Federal Office for Information Security issued a press release (German) - [https://www.bsi.bund.de/ContentBSI/...gegen-Schadsoftware_DNS-Changer_10012012.html] stating that converted DNS servers will be shut down on March 8.

    That means that any system that was infected and is still configured with the rogue DNS servers will not be able to access the Internet and will give error messages about not being able to resolve host names. Hence, these systems will have to be cleared of the DNSChanger malware and have their DNS settings reconfigured.

    The easiest way to check whether your system has been configured with a rogue DNS by the DNSChanger malware is to enter your DNS server's IP address on the FBI's DNS IP checker Web page - [https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS]

    To look up your DNS address, go to the Network system preferences in OS X, select your active network connection (AirPort or Ethernet), and click the Advanced button. Then choose the DNS tab and see the list of IP addresses in the DNS Servers list.

    An alternative way to view the DNS settings is to open the Terminal utility and type in the following command:

    networksetup -getdnsservers "Wi-Fi"


    This command will show the DNS servers that are being used for your Wi-Fi connection, but you can change the word "Wi-Fi" to "Ethernet" or to the name of any other network service (listed in the Network system preferences).

    If your DNS IP address checks out and is valid, then you have nothing to worry about. However, if the site reports that the IP address is a compromised one, then your best bet is to download and run a malware scanner that can detect and remove the DNSChanger malware, such as Sophos Antivirus, Norton AntiVirus, or Intego VirusBarrier. After the malware has been removed, go to the DNS settings in your system preferences (see above), and remove any IP addresses from the server list.

    Some later versions of the DNSChanger malware were able to change routers' settings in addition to computers' settings, so if you are unable to remove the IP addresses because they are grayed out, then go to your router's configuration and remove any custom DNS entries from it. After doing this, disconnect your system from the network and reconnect to establish a new configuration from the router.


    Operation Ghost Click DNS servers to shut down in March | MacFixIt - CNET Reviews
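
Added example, not part of any post or quoted article in this thread: a Python version of the self-check the articles describe. It pulls the DNS servers out of `ipconfig /all` or `networksetup -getdnsservers` output and flags any that fall inside the rogue ranges listed above. The function names and sample outputs are constructed for illustration, `resolv.conf`-style `nameserver` lines are handled as a generalization beyond the thread, and English-language `ipconfig` output is assumed.

```python
"""Flag configured DNS resolvers that fall inside the DNSChanger rogue netblocks."""
import ipaddress
import re
import sys

# First and last address of each rogue range, as listed in the thread.
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]

# Collapse each first/last pair into CIDR networks (the form firewall and IDS rules use).
ROGUE_NETWORKS = [
    net
    for first, last in ROGUE_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
]

_DNS_LABEL = re.compile(r"DNS Servers[ .]*:\s*(\S*)")  # ipconfig /all field
_NAMESERVER = re.compile(r"nameserver\s+(\S+)")         # resolv.conf line


def rogue_cidrs():
    """Return the rogue ranges in CIDR notation."""
    return [str(net) for net in ROGUE_NETWORKS]


def _ipv4(token):
    """Parse a token as IPv4; return None for IPv6, empty or malformed input."""
    try:
        return ipaddress.IPv4Address(token)
    except ValueError:
        return None


def is_rogue(address):
    """True if the address is a valid IPv4 address inside a rogue range."""
    ip = _ipv4(address)
    return ip is not None and any(ip in net for net in ROGUE_NETWORKS)


def extract_dns_servers(text):
    """Return IPv4 DNS servers found in the command output, in order, de-duplicated."""
    servers, context = [], None  # context: None, "dns" or "other"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            context = None
            continue
        token = ""
        match = _NAMESERVER.match(line)
        if match:
            token = match.group(1)
        elif (match := _DNS_LABEL.match(line)):
            context, token = "dns", match.group(1)
        elif len(line.split()) == 1:
            # A bare address is a DNS entry only as an ipconfig continuation line
            # or as plain networksetup output, not under e.g. "Default Gateway".
            if context in (None, "dns"):
                token = line
        else:
            context = "other"
        ip = _ipv4(token)
        if ip is not None and str(ip) not in servers:
            servers.append(str(ip))
    return servers


def check_dns_config(text):
    """Return (server, is_rogue) pairs for every DNS server in the output."""
    return [(server, is_rogue(server)) for server in extract_dns_servers(text)]


# Constructed sample: ipconfig /all excerpt with one resolver in a rogue range.
SAMPLE_IPCONFIG = """
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : fe80::1%11
                                       192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.112.36
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample: networksetup -getdnsservers "Wi-Fi" output.
SAMPLE_NETWORKSETUP = "64.28.178.10\n192.0.2.53\n"

if __name__ == "__main__":
    # Pipe real command output in, or run without input to see the sample.
    data = SAMPLE_IPCONFIG if sys.stdin.isatty() else sys.stdin.read()
    results = check_dns_config(data)
    for server, rogue in results:
        print(f"{server}: {'ROGUE (DNSChanger range)' if rogue else 'ok'}")
    sys.exit(1 if any(rogue for _, rogue in results) else 0)
```

A clean result on the computer does not clear the router: the articles note that later DNSChanger variants changed router DNS settings as well, so the router's configured DNS servers need the same check.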
     
  16. JAYRAM

    Simple Background:

    1. A DNS is a Domain Name Server. When you type in Google, a DNS translates that into an IP address depending on your location. We all use them. They are required.

    2. The DNS Changer virus changes your DNS server to a malicious location that sends you to malicious websites. So when you type google.com, you end up going to a bad place instead of Google. Simple as that.

    3. It made its debut in 2007. In November 2011, the FBI shut down the rogue DNS servers. Being the nice guys they are, rather than disabling millions of web users' ability to browse the web, they replaced the rogue DNS with a good one. If they hadn’t and you had the DNS Changer virus, you would have lost your ability to browse. Very thoughtful in my book.

    4. The FBI announced that as of March 8, 2012, they will no longer support the temporary DNS. This deadline has now been extended to July 2012. If you still have the DNS Changer virus after they remove the servers, you will not be able to resolve websites and thus, will not be able to browse the web.

    Common Questions:

    Q: I received a letter that my internet is being shut off. Why is Comcast shutting off my internet?

    A: Comcast or any other ISP is not shutting off your internet. The FBI is taking down the temporary servers. If you do not have the DNS Changer virus, you will not be impacted.

    Q: How many people will be affected by the ‘internet shut-down’?

    A: Originally millions were infected globally with about 500 thousand in the United States. Currently, thousands of computers on Fortune 500 networks and government agencies are potentially still infected. An estimated 400 thousand users or more total.

    Q: How do I know this isn’t a scam?

    A: Research online and you will see the chatter. Both the FBI and major Internet Service Providers like Comcast have spent thousands if not millions in an effort to stop the virus and educate customers. Conspiracy theorists need to use common sense, as no organization wants to spend money and time just to ‘cause you headaches’. In fact, the potential impact of this virus on our economic system is one of the leading reasons the FBI was granted a ‘stay of execution’ by a federal judge.

    Q: How can I tell I have the DNS Changer Virus?

    A: See below or just wait till July 9th. If you cannot browse the web, good chance you have it.

    Q: I pay for Internet, shouldn’t Comcast fix this for me?

    A: No. Simply no. Your computer and your network are your responsibility. As a courtesy, some ISPs will provide equipment like routers and wireless gateway devices (wireless router and modem combo), but the configuration and maintenance of it is the end user's responsibility. Best analogy is your ISP maintains the roads and highways, but if your car breaks down, you’re going to need a mechanic. Or, in this case, if you pick up a terrorist and throw him in your trunk unknowingly, you’re going to need to get rid of him. And end-user terms and conditions actually state that you are not supposed to be transporting terrorists on the roads.

    Detecting the Virus

    The FBI offers a reasonably simple ‘do-it-yourself’ paper - http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf on the subject. The virus impacts your local computer and/or your router.

    Check your PCs:

    • Launch Command Prompt and type “ipconfig /all”
      • Look for ‘DNS Servers’
      • If you have an IP in the following ranges listed under that entry, your computer is infected:


    85.255.112.0 through 85.255.127.255
    67.210.0.0 through 67.210.15.255
    93.188.160.0 through 93.188.167.255
    77.67.83.0 through 77.67.83.255
    213.109.64.0 through 213.109.79.255
    64.28.176.0 through 64.28.191.255


    Check Your Router:

    • Your router can be infected if it was left unsecured and has or had the default manufacturer logins. If your network is secured and you used a custom admin login/password to configure your router, it should be ok.
    • Consult your manufacturer documentation to access and check DNS Server settings within your router.


    DNS Changer Deadline Extended
     
  17. A chauhan

    A chauhan "अहिंसा परमो धर्मः धर्म हिंसा तथैव च: l" Senior Member

    Joined:
    Oct 10, 2009
    Messages:
    4,927
    Likes Received:
    4,557
    Location:
    Raipur
    Does it affect only Windows, or can it damage a Linux PC too?
     
  18. Kunal Biswas

    Kunal Biswas Member of the Year 2011 Moderator

    Joined:
    May 26, 2010
    Messages:
    27,574
    Likes Received:
    28,348
    Location:
    BHARAT, INDIA, HINDUSTHAN
    This is for all DFI members, as this also affects DFI.
     
    A chauhan likes this.
  19. H.A.

    H.A. Senior Member Senior Member

    Joined:
    Dec 24, 2011
    Messages:
    1,445
    Likes Received:
    679
    I thought everybody is celebrating April 1st a little early...
     
    W.G.Ewald and Kunal Biswas like this.
  20. W.G.Ewald

    W.G.Ewald Defence Professionals/ DFI member of 2 Defence Professionals

    Joined:
    Sep 28, 2011
    Messages:
    14,140
    Likes Received:
    8,528
    Location:
    North Carolina, USA
    The subject purported shutdown would not be within the mission or capabilities of the FBI in any case. Maybe NSA. Just sayin'.

    American "Kill switch bill"

    Cyberwarfare - Wikipedia, the free encyclopedia
     
  21. Blackwater

    Blackwater Veteran Member Veteran Member

    Joined:
    Jan 9, 2012
    Messages:
    20,982
    Likes Received:
    11,810
    Location:
    Akhand Bharat
    I have also heard that Facebook is closing down 15 March JAY RAM JI KI
     