" Welcome to Indo Pinoy"

Saturday, July 7, 2012

Malware On Monday: DNSChanger Frequently Asked Questions

A vicious malware will prevent infected computers from connecting to the Internet on Monday.

Known as DNSChanger Malware, the US FBI says that infected computers are redirecting unsuspecting users to a bogus web site or to interfere with that user’s online web browsing. Hackers responsible for the malware are able to retrieve personal information and passwords. which, if infected, redirects them to fraudulent web sites and will prevent them from going online on Monday.

According to the FBI, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April. About 64,000 still-infected computers are probably in the United States.

Here are the some frequently asked questions about DNSChanger Malware:

1. What is the DNSChanger Malware is and what it does?

DNSChanger malware is a classified as computer Trojan (a Trojan is similar to a virus, except that it does not replicate itself, it appears legitimate but performs some illicit activity on the computer system when it is run or can allow somebody from a remote site to take control of the computer).

When you’re infected by this DNSChanger, it changes computer’s Domain Name Server (DNS) to replace the ISP’s provided good DNS servers with rogue DNS servers operated by the DNSChanger author or criminal, in order to divert traffic to unsolicited, and potentially fake/illegal sites in order to steal some personal information (such as user names, passwords and credit card numbers). Viruses and Trojans have been infecting computers almost as long as computers have been in businesses. Some are relatively harmless, while others bring systems down. DNSChanger Trojan was malicious enough to force the FBI to step in (see attached FBI info about DNSChanger).

For infected users, this could mean that their Internet won’t work after July 9.

2. Why is it July 9?

In November 2011, in the “Operation Ghost Click” (Reference 3), FBI successfully shut down the DNSChanger Botnet. According to a court order, in order to avoid the infected computers to lost connection with Internet immediately, FBI was authorized to set up a number of temporary DNS server to maintain the DNS services for the victims to solve this issue within 120 days. This order would be expired on July 9, 2012.

If FBI decides to close these temporary DNS servers as scheduled, several millions of the DNSChanger bots worldwide would not able to connect to the Internet. To properly handle this problem, we must help the victims to clean up the malware as soon as possible.

More information can be found here: http://www.dcwg.org/

3. Which gadgets are vulnerable?

The DNSChanger is targeting Windows PCs to other platforms that include the Mac OS and home routers as well; mobile devices may also be affected.

4.  How does it affect customers and how does one know if his PC or gadget has been infected?

To figure out whether you’ve been infected with DNSChanger, just visit www.dns-ok.ca. This website checks your computer settings to see if it’s infected with DNSChanger. If the screen is green, you’re not affected. If the screen is red, your computer is infected with the DNS Changer malware. Perform this check on all the computers/laptops within your household.

Please note: if computer is infected, it must be removed by July 9th, 2012, in order to avoid disruption on Internet service.

5.  What can be done to prevent it?

You can be protected by DNSChanger infection if you are using latest Anti-virus/Anti-malware software. Most commercial-grade Anti-virus software out there (like McAfee, Symantec, Trend-Micro, F-Secure, etc.) can detect and remove this DNSChanger Trojan.

Courtesy of Globe Philippines via Noypistuff
Image credit: Noypistuff


Post a Comment


Our Some Major Sources
Phil Star
Bida Kapamilya