« previous next »
Pages: [1]   Go Down

Author Topic: DNS virus  (Read 1863 times)

Offline eric j

  • Super Poster
  • ***
  • Posts: 345
    • View Profile
    • http://
DNS virus
« on: May 18, 2012, 08:36:42 AM »
Hi,

A friend forwarded to me (and others) a message that purports to come from a "computing company" warning about a DNS virus.
Here is part of the message:-

"We don't normally send out emails like this, but this is a BIG problem and NOT A HOAX.
On July 9th 2012, the FBI will be switching off some Internet Servers. This doesn't sound like an issue, but if your PC or laptop has been infected with this DNS Virus, all your Internet browsing will go through these Internet Servers and you won't be able to access the Internet. If your PC has reputable, up to date security software you should be ok. However, we would advise you on EVERY PC or LAPTOP you own to click on:
http://www.dcwg.org/detect/ (which has been setup by the FBI)
or go straight to: http://www.dns-ok.us/ to see if you are affected.
We would take this opportunity to remind you that Free Antivirus software does not offer full protection and if you wish to discuss your antivirus needs, then please do not hesitate to contact us."

The source info is a very long text and I lack the ability to comprehend its import. Somewhere within the word "Facebook" appears.

I have NOT clicked on either of the links, nor do I intend to. It smells to me like some form of scam.

Comments from the wise will be appreciated.

eric j

Logged

Offline jchuzi

  • TS Addict
  • *****
  • Posts: 3094
    • View Profile
DNS virus
« Reply #1 on: May 18, 2012, 08:39:16 AM »
The most suspicious part is where it claims that it is "NOT A HOAX". Right!... whistling.gif

I don't have the technical knowledge to make a final judgment, but I would run, not walk away from this.
Logged
Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P700, Photoshop CC, Lightroom CC, MS Office 365

Offline gunug

  • TS Addict
  • *****
  • Posts: 6710
  • TS Palindrome
    • View Profile
DNS virus
« Reply #2 on: May 18, 2012, 10:38:39 AM »
Logged
"If there really is no beer in heaven then maybe at least the
computers will work all of the time!"

Offline Paddy

  • Administrator
  • TS Addict
  • *****
  • Posts: 13797
    • View Profile
    • https://www.paddyduncan.com
DNS virus
« Reply #3 on: May 18, 2012, 11:03:29 AM »
The email doesn't explain things very well - at ALL. The DNS Changer trojan is OLD - fixes have been a round for a while. Apparently, some of those affected may NEED the wakeup call that getting knocked off the internet may have to provide.

QUOTE
The clueless, by the way, aren’t just individuals who never patch their computers and haven’t updated their anti-virus software this decade. No, according to IID (Internet Identity), a provider of technology and services that help organizations secure their Internet presence, 94 of all Fortune 500 companies and three out of 55 major government entities still had at least one computer or router that was infected with DNSChanger in March.


Here's a good explanation.

See: http://www.zdnet.com/blog/networking/dnsch...-this-july/2332
« Last Edit: May 18, 2012, 11:07:16 AM by Paddy »
Logged
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Offline tacit

  • TS Addict
  • *****
  • Posts: 1628
    • View Profile
    • http://www.xeromag.com/
DNS virus
« Reply #4 on: May 19, 2012, 05:59:30 PM »
The email is legitimate.

Last year, Russian organized crime released a family of malware variously known as W32/DNSchanger, W32/Zlob, OSX.RSplug.A, OSX.DNSchanger, and so on.

What this malware did was point infected computers at hostile domain name servers run by organized crime. That way, they could control where you went on the Internet; for example, if you opened your browser and typed www.paypal.com or a bank URL or whatever, they would redirect you to a fake site under their control and steal your login information. When you go to Google, they would intercept you, remove the Google ads, place their own ads, and then give you the Google page.

The FBI coordinated with law enforcement in several other countries and arrested all but one of the criminals responsible, who fled back to Russia. However, there are still tens of thousands of computers infected, and they are still using the hostile name servers.

So the FBI took over the name servers, because otherwise the computers that were still infected would be totally cut off from the Internet.

However, the FBI doesn't want to be in the name server business, so it's going to shut down those name servers soon. When they do, everyone who is infected and hasn't cleared out the infection will be unable to reach the Net.

The patch to fix the infection has been out for more than a year now, but still tens of thousands of computers are infected, which shows just how bad people (and businesses!) are about keeping secure. I know so many people who say things like "I don't understand why everyone freaks out about computer viruses, I've never been infected" who are probably infected sixteen ways from Sunday and simply don't know it.

There's an interesting postscript to this story. The one guy who escaped the law enforcement raid and fled back to Russia? He is believed to be the person responsible for the Mac Flashback malware.
Logged
A whole lot about me: www.xeromag.com/franklin.html

Offline eric j

  • Super Poster
  • ***
  • Posts: 345
    • View Profile
    • http://
DNS virus
« Reply #5 on: May 22, 2012, 07:50:42 AM »
Hi,

As I expected, nice people here have come to my rescue. Many thanks. I feel fortunate to have stumbled upon TS a few years ago. In contrast to some other forums I occasionally visit, in TS I have never seen ill-mannered and irrelevant comments from anyone.

eric j
Logged
Pages: [1]   Go Up
« previous next »