| Thread ID: 124354 | 2012-04-22 00:39:00 | Phishing? Scam? Phony? Hoax? Whazzup? | SurferJoe46 (51) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 1271071 | 2012-04-22 00:39:00 | I got this from another friend who runs Yahoo! (I don't) but they are worried if this is true or not::: WASHINGTON (AP) For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer. Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down. The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org, that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet. Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems. Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers. "We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent. "The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken." On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using.
Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July. Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs. This is what happened: Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system. The DNS system is a network of servers that translates a web address such as www.ap.org into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website. The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least USD 14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing. When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie's clean ones. Installing and running the two substitute servers for eight months is costing the federal government about USD 87,000. The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany.
Smaller numbers are online in Spain, France, Canada, China and Mexico. Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers. FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won't be the last. "This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division. "Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations." Now, he said, every time the agency gets near the end of a cyber case, "we get to the point where we say, how are we going to do this, how are we going to clean the system" without creating a bigger mess than before. Sounds hokey to me. Originating LINK here::: us.m.yahoo.com I checked SNOPES and got this::: A federal judge has given users infected with DNSChanger a four-month extension to get clean. The FBI-controlled DNS servers that replaced the malicious servers will not shut down on March 8 as previously announced. (securitywatch.pcmag.com) But nearly half a million computers are still at risk for losing Internet connectivity when the new deadline rolls around in July. Back in November, law enforcement authorities working with the Federal Bureau of Investigation arrested six of the seven individuals in Estonia responsible for infecting millions of Windows and Mac machines worldwide with the DNSChanger Trojan.
As part of the "Operation Ghost Click" raid, FBI agents also seized over 100 servers at data centers throughout the United States masquerading as legitimate DNS servers. The DNSChanger malware replaced the Domain Name System settings for the computers and routers it infected with addresses of malicious servers. When users tried to access certain websites, the rogue DNS servers redirected the Web traffic through other servers controlled by the criminals. Those criminals pocketed millions of dollars in affiliate and referral fees by diverting users through those sites, according to the FBI. Users who found themselves landing on strange sites unexpectedly, or had home computers that had difficulty connecting to their work VPNs were likely to be infected. Interim Measures Since machines with modified DNS settings would be unable to access the Internet once the rogue servers went dark, the FBI obtained a court order that allowed the non-profit Internet Systems Consortium to set up alternate DNS servers to temporarily replace the malicious servers. These servers were intended to give people time to clean up the infection. The court order was originally set to expire March 8, but prosecutors filed for an extension with the U.S. Court in the Southern District of New York because a significant number of computers still remained infected. In early February, Internet Identity estimated about 400,000 computers in the U.S. of the initial million were still infected. At least 94 of all Fortune 500 companies and three out of 55 major government entities had at least one computer or router that was infected with DNSChanger as of Feb. 23, according to IID. Updated numbers are currently unavailable. The new deadline for getting cleaned up and averting the Internet blackout is now July 9. Users should immediately check their computers if they haven't already done so.
How to Save Your Connection While the DNS Changer Working Group has provided step-by-step instructions for Windows XP, Mac OS X, and Windows 7 machines to check for an infection, a number of services and tools have popped up to make detection a fairly straightforward process. The DNSChanger Eye Chart (http://dns-ok.us/) is one such tool. If the user on an infected computer goes to the site, the image on the page is displayed with a red background. If the machine is clean, the image has a green background. The eye chart will also show a red image if the home router is infected, even if the computer itself is clean. Avira released a free tool for Windows systems that detects whether the computer is configured to use one of the temporary DNS servers. Despite the name, however, the Avira DNS Repair Tool (www.avira.com) is just a diagnostic tool and won't be able to remove the Trojan if it exists. The FBI also has a lookup form on its website (forms.fbi.gov). The user can type in the IP address of the DNS server configured on the machine to find out if it is one of the malicious ones identified by law enforcement authorities. Removing DNSChanger. Once the infection has been found, the next step is to remove it. Because DNSChanger is a rootkit, removing it is not as simple as running an antivirus. One option is to reinstall the operating system and start over from scratch. Kaspersky Lab offers TDSSKiller, a rootkit removal tool, which can also detect DNSChanger and remove it from infected systems. Some ISPs, such as Comcast, are offering $100+ services to remove the infection for their customers. Concerned users should reach out to their ISPs for similar services. The government does not expect average users to clean up their systems, however.
"Users who believe their computers may be infected should contact a computer professional," to remove the Trojan, the FBI recommended in its working paper (www.fbi.gov). If you discover that your system is among the nearly half a million infected systems and doubt your own ability to clean it up, DCWG has links to organizations that can help with DNSChanger removal on its website. (www.dcwg.org) SO - it LOOKS like it bears some looking into - right? |
SurferJoe46 (51) | ||
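
Added example, not part of the original post or the quoted articles: the check that the FBI lookup form described above performs, run locally against a machine's own resolver list. The rogue ranges are placeholders (RFC 5737 documentation addresses) because the thread does not list the real ones, and the function names and sample file are constructed for illustration.

```python
import ipaddress

# ASSUMPTION: placeholder ranges taken from the RFC 5737 documentation blocks.
# Substitute the rogue resolver ranges published by the FBI / DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

def parse_nameservers(resolv_conf_text):
    """Return nameserver IPs from resolv.conf-style text, skipping comments and junk."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop any IPv6 zone suffix such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
            except ValueError:
                continue  # malformed address: skip it rather than crash
    return servers

def audit_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Map each configured resolver to the rogue range that contains it, or None."""
    result = {}
    for ip in parse_nameservers(resolv_conf_text):
        hit = next((net for net in rogue_ranges
                    if ip.version == net.version and ip in net), None)
        result[str(ip)] = str(hit) if hit else None
    return result

# Constructed sample input (not taken from a real machine).
SAMPLE = """\
# generated by dhcp client (constructed sample)
nameserver 192.0.2.53
nameserver 203.97.33.1   ; ISP resolver quoted later in this thread
nameserver not-an-ip
search example.net
"""

if __name__ == "__main__":
    for server, net in audit_resolvers(SAMPLE).items():
        print(f"{server}: {'ROGUE, inside ' + net if net else 'not in rogue list'}")
```

This reads only the host's own settings; as the article notes for the eye chart, a home router can carry the changed DNS settings even when the computer is clean, so the router's configured DNS servers need the same comparison.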
| 1271072 | 2012-04-22 01:16:00 | I would say it is possibly true, but anybody that takes the time to keep their system clean, and practice safe computing (like yourself) shouldn't have anything to worry about. :) It does seem like a lot of trouble/work for the gummint/FBI to go to, just to carry 600000 lazy bastards though. :rolleyes: |
feersumendjinn (64) | ||
| 1271073 | 2012-04-22 01:19:00 | Hmm. Should we look into it, or look out for it? ;) | R2x1 (4628) | ||
| 1271074 | 2012-04-22 01:54:00 | It's not a hoax, but changing your DNS settings isn't exactly hard. | pctek (84) | ||
| 1271075 | 2012-04-22 04:18:00 | It's not a hoax, but changing your DNS settings isn't exactly hard. For those of us who do not understand: What are DNS settings? Why would you want to change your DNS settings? What does that achieve? Thanks for your help.:thanks |
Roscoe (6288) | ||
| 1271076 | 2012-04-22 05:16:00 | For those of us who do not understand: What are DNS settings? Why would you want to change your DNS settings? What does that achieve? Thanks for your help.:thanks The DNS settings control where your PC resolves domain names like pressf1.pcworld.co.nz. Clearnet's servers are 203.97.33.1 203.97.37.1 So if you are with Clearnet the odds are when you type or click on a link for pressf1 it will first look on 203.97.33.1 to resolve the address to 210.48.100.45 |
mikebartnz (21) | ||
| 1271077 | 2012-04-22 05:25:00 | The DNS settings control where your PC resolves domain names like pressf1.pcworld.co.nz. Clearnet's servers are 203.97.33.1 203.97.37.1 So if you are with Clearnet the odds are when you type or click on a link for pressf1 it will first look on 203.97.33.1 to resolve the address to 210.48.100.45 Mike --- Should I (in the US) be able to get to those sites that way? I can't and Google says it cannot resolve the address. Or is this a territorial situation only open to Upsidedowners? |
SurferJoe46 (51) | ||
| 1271078 | 2012-04-22 05:45:00 | Mike --- Should I (in the US) be able to get to those sites that way? I can't and Google says it cannot resolve the address. Or is this a territorial situation only open to Upsidedowners? You wouldn't really want to use the Clearnet servers from where you are because of the time lag. Much better to use something close to home. If you type in the IP of 210.48.100.45 into your browser it will take you directly to PressF1 because it doesn't have to do a look up from the DNS server. |
mikebartnz (21) | ||
| 1271079 | 2012-04-22 05:56:00 | Oh yeah. That works. Thanks. | SurferJoe46 (51) | ||