DNS Changer malware --- prompt action recommended

[Clint]

For some people, a computer time-bomb will go off at midnight tonight. Those people have computers infected with a virus called (among other things) DNS Changer.

You can read about it here: here and here.


There's an easy, quick, non-invasive check you can run on your computer, to see whether this even pertains to you.

There are various websites offering this check, which takes about 5 seconds to perform. Nothing is downloaded to your computer. None of your computer settings will be changed during this check. And your computer will not be scanned during this check.

The check will produce one of two results: either a clean bill-of-health, or a warning that your computer appears to be infected with DNS Changer malware.

If your computer is clean, you can forget about this problem.

If you are infected, you will have to decide which method to use to clean your computer.



I have done the check, and it appears to be as easy, non-invasive, and harmless as it's claimed to be.

I used the site listed for the U.S. (dns-ok.us/) and got this result:

I don't pretend to understand the technical details of this malware, or why the FBI has been neutralizing it, rather than simply eliminating it, since they discovered it in November of 2011. But, I've read in several sources that whatever the FBI has been doing will stop at midnight tonight, which will essentially release this malware to continue doing what it was designed to do.

If your computer is infected, and if you do not clean it before midnight tonight, apparently you will be unable to access the "real" internet; instead, your attempts to log onto certain legitimate websites will result in your being redirected to the fake sites set up by the malware developers. The malware developers will, in effect, be misdirecting you into an "alternate internet".

Apparently, cleaning a computer infected with the DNS Changer malware will not be difficult --- before midnight tonight. After midnight, apparently, it will become much more difficult.

What's that old saying about "an ounce of prevention....."?

[TalonD]

what I want to know is why the FBI is involved. All other viruses are tackled by the usual antivirus vendors like Norton or AVG etc. Something is fishy. It's probably more hype than anything anyway kinda like the y2k non event.

[Clint]

what I want to know is why the FBI is involved.

Here's a bit more about it ---

Essential News from The Associated Press
AAA Jul. 8, 2012 9:26 PM ET

Click it: Remember to check computer for malware

By LOLITA C. BALDOR, Associated Press


WASHINGTON (AP) — Internet providers have plans to help their customers Monday and others are braced for calls to helplines because thousands around the country whose computers were infected with malicious software more than a year ago faced the possibility of not being able to get online.

Internet users scanning their Twitter feeds or Facebook accounts Sunday were encouraged to add one more quick click to check their computer for malware.

Some providers may put technical solutions in place that will correct the server problem that could hit some computers after midnight EDT Sunday. It they do, the Internet will work, but the malware will remain on victims' computers and could pose future problems, said Tom DeGrasso, an FBI supervisory special agent.

At 12:01 a.m. EDT, the FBI planned to shut down the Internet servers set up as a temporary safety net to keep infected computers online for the past eight months. The court order the agency obtained to keep the servers running expired, and it was not renewed.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up the safety net. The bureau brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.

The FBI arranged for a private company to run a website — DCWG | DNS Changer Working Group — as a place where computer users could go to see if their computer was infected and find links to other computer security business sites where they could find fixes for the problem.

From the onset, most victims didn't even know their computers were infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Many computer users don't understand the complex machines they use every day to send email, shop, and cruise for information. The cyberworld of viruses, malware, bank fraud and Internet scams is often distant and confusing, and warning messages may go unseen or unheeded.

Also, some people simply don't trust the government, and believe that federal authorities are only trying to spy on them or take over the Internet. Blogs and other Internet forums are riddled with postings warning of the government using the malware as a ploy to breach American citizens' computers. That's a charge the FBI and other cybersecurity experts familiar with the malware quickly denounce as ridiculous.

Still, the Internet is flooded with conspiracy theories:

"I think the FBI just wants everyone to go to that website to check our computers so they can check our computers as well. Just a way to steal data for their own research," one computer user said in a posting on the Internet.

Another observed: "Yet another ploy to get everyone freaked out ... remember Y2K."

There is an underlying sense that this will be much ado about nothing, such as the approach of 2000. The transition to that year presented technical problems and fears that some computers would stop working because they were not set up for the date change. In the end there were very few problems.

Considering there are millions of Internet users across the country, several thousand isn't a big deal, unless you're one of them.

Rep. Jim Langevin, D-R.I., and co-founder of Congress' cybersecurity caucus, said computer users have a responsibility to practice good sense and make sure their computers are not infected or being hijacked by criminals.

"These types of issues are only going to increase as our society relies more and more on the Internet, so it is a reminder that everyone can do their part," he said.

FBI officials have been tracking the number of computers they believe still may be infected by the malware. As of Wednesday, there were about 45,600 in the U.S. — nearly 20,000 less than a week ago. Worldwide, the total is roughly 250,000 infected. The numbers have declined steadily, and recent efforts by Internet service providers may limit the problems on Monday.

By Monday, if your computer isn't functioning properly, customer support lines could be your best solution.
___

Lolita C. Baldor can be followed on Twitter at Lolita Baldor (lbaldor) on Twitter

Associated Press
Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

My apologies to the AP for violating their prohibition against "redistributing" this material, but they made it impossible to link to the original. So, I had to do what I had to do.

[Pipstradamus]

Clint, thanks for posting.

what I want to know is why the FBI is involved. All other viruses are tackled by the usual antivirus vendors like Norton or AVG etc. Something is fishy. It's probably more hype than anything anyway kinda like the y2k non event.

This is most likely why:

"Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software."

"Government agenices" is key here. Whether this is being over-hyped, it probably depends on where you live and if you have an infected machine. With over 1-2 billion computers in use around the world, 250,000 infected machines doesn't sound like a lot. And the U.S.'s share is less than 75,000 infected computers, in a pool of maybe 200 million.

But if you can't connect to the Internet, yikes! Sorry for you!

Pipstradamus