Recently, Google users have noticed a warning that their computers could stop connecting to the Internet from July 9, 2012 onwards because of a computer infection.
Google's message at the top of its pages says something to the effect of, "Your computer appears to be infected". It also carries an alert that the computer may not be able to connect to the Internet in the future. The alert also offers, through a link, an explanation of the malware and how to detect and remove it.
The malware infection is called "DNSChanger." It is a kind of Trojan horse infection that has affected approximately 4 million computers worldwide, with about 500,000 of those in the United States alone. Once installed, the malware changes the system's DNS server settings to point to a malicious DNS network created by the malware developers.
According to webopedia.com, DNS, which stands for Domain Name System (or Service or Server), is an Internet service that translates domain names (www.facebook.com, www.twitter.com etc.) into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses (a number that the computer and network devices can use). Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4. The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.
Without DNS, the user would have to type the numbers and dots into a browser to retrieve the Web site. The DNSChanger malware can control the IP address retrieval process and provide a fake IP address to the computer. In simple words, if a user typed a URL (website name) into a browser like Internet Explorer, the malware could redirect the user to a fake Web site that tries to phish (steal) information from him/her, makes the user click on adverts for revenue, or otherwise performs harmful unwanted behavior.
In November of 2011, the FBI, with authorities from other countries, arrested the people behind the malware, but the infected computers stayed infected.
To keep the affected people online, the FBI set up a system using government computers through which the harmful DNS network was kept active, but with every fake re-route to phishing websites removed, so that users are taken to the correct website instead.
Unfortunately, the FBI system will be shut down on July 9, affecting internet connections. While the FBI has run a campaign for months, encouraging people to visit a website that checks for infections and tells how to fix them, numerous computers could still end up with no internet.
The deadline to shut down rogue servers (running the infection) was March 8, but as an estimated 450,000 systems were still carrying the malware, the date was pushed back to July 9. It is believed that roughly 330,000 systems are still infected, with about 77,000 of them being in the U.S.
You can do the following, if you see the Google warning:
Since the DNSChanger malware alters your DNS settings, you can easily determine if your system is infected by going to your network settings and looking up your DNS servers. Alternatively, you can use the OS X Terminal utility (in the /Applications/Utilities folder) to look up your DNS servers by running the following command (change "Wi-Fi" to "Ethernet" if you use Ethernet connections):
networksetup -getdnsservers "Wi-Fi"
For Microsoft Windows (even within a Virtual Machine or Boot Camp on Mac):
Type CMD in the ‘Start Search’ or ‘Search’ box, usually found at the bottom of the Start menu, right above the ‘Start’ button (click it) in the bottom left-hand corner of the screen, then press Enter or click on CMD when it appears at the top of the menu.
Type at the blinking cursor: ipconfig /all
In addition to checking the DNS settings on your computers, be sure to check the settings in your router (check your router's manual), since some variants of the DNSChanger malware affect routers too, which in turn affect all computers on the network.
Once you find the DNS IP addresses, use the FBI's DNS IP checker tool to make sure they belong to genuine DNS servers: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS
Another step you can take is to update or install the latest antivirus program on your computer, and scan with it. You can try free programs (or free versions of them) such as Sophos Home Edition scanner, ClamXav, and Symantec's rerelease of iAntivirus for Mac, and Microsoft Security Essentials, PC Tools, AVG, and Avast for Windows.
In addition to the above-mentioned tools, users can try the DNSChanger Removal Tool for Mac.
After checking your DNS server settings, changing them to legitimate ones (such as those from your ISP), and scanning your system with an antivirus tool, be sure to continue monitoring your DNS settings to ensure they do not revert.
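To make the repeated check described above less error-prone, the following added example (not part of the original post) parses saved output from networksetup -getdnsservers and ipconfig /all and lists any DNS server outside the ranges you expect. The sample output is constructed with documentation-range addresses, and EXPECTED_CIDRS is an assumed stand-in for the resolvers your ISP or router really provides.

```python
import ipaddress
import re

# Constructed sample output using documentation-range addresses (not real resolvers).
IPCONFIG_SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.0.2.25(Preferred)
   Default Gateway . . . . . . . . . : 192.0.2.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       203.0.113.77
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
NETWORKSETUP_SAMPLE = "198.51.100.53\n198.51.100.54\n"
NETWORKSETUP_EMPTY = "There aren't any DNS Servers set on Wi-Fi.\n"
# Assumption: stand-in for the resolver range your ISP or router actually gives you.
EXPECTED_CIDRS = ["198.51.100.0/24"]


def as_ip(token):
    """Return an ip_address object for token, or None if it is not an IP."""
    try:
        return ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None


def parse_networksetup(text):
    """networksetup prints one resolver per line, or a notice when none are set."""
    ips = (as_ip(line.strip()) for line in text.splitlines())
    return [ip for ip in ips if ip is not None]


def parse_ipconfig(text):
    """Collect 'DNS Servers' values, including the indented continuation lines."""
    found, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        ip = as_ip(m.group(1) if m else line.strip()) if (m or in_dns) else None
        in_dns = ip is not None
        if ip is not None:
            found.append(ip)
    return found


def unexpected_resolvers(resolvers, expected_cidrs):
    """Return resolvers outside the expected ranges; any hit needs a closer look."""
    nets = [ipaddress.ip_network(c) for c in expected_cidrs]
    return [str(ip) for ip in resolvers if not any(ip in n for n in nets)]
```

An empty result means every configured resolver is one you expected; an address you do not recognise should be looked up with the FBI checker before you trust it.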
Also clear your browser's caches and cookies, to prevent warnings from being inadvertently reloaded after you have cleaned your computer and router of the malware.
If you think technical stuff is a problem for you, speak to your Internet Service Provider or IT/computer support provider.