Saturday 7 July 2012

DNS Changer 9th July 2012 DNS Malware


DNS, short for Domain Name Service, converts a website's name into the IP address of its server and so helps direct traffic to the right place.

A group of crooks managed to infect millions of computers around the world with malware called DNS Changer, which changed the DNS settings on victims' computers to point to the hackers' rogue DNS servers.

This malware didn't stop victims from browsing. It diverted their traffic through the hackers' pool of DNS servers, which usually took them to the website they wanted, such as Google or YouTube. Now and then, however, the hackers diverted the traffic to malicious or fraudulent websites and exploited the victims' computers, and sometimes stopped them from getting antivirus updates.


The FBI managed to track down the hackers' rogue DNS servers and, before shutting them down, moved those services onto legitimate clean servers, as infected computers would otherwise have lost Internet access.


These interim DNS servers were supposed to be shut down by March 2012, but due to the heavy rate of infection the shutdown was postponed, and the servers will now be shut down on 9th of July 2012.


The Federal Bureau of Investigation will shut down Internet servers that it temporarily set up to support those affected by malicious software called DNS Changer. Turning off those servers will knock all those still infected offline.

A rough estimate is that more than half a million users are still infected with the DNS Changer malware.

The FBI website has a list of the DNS servers that are going down on Monday 9th of July 2012.


Rogue DNS Servers
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255

To check whether you are infected, check your computer's DNS server addresses by running the command IPCONFIG /ALL and see whether any of them falls within the ranges above.

However, there is another way to check whether your DNS is rogue: use the FBI site below.

https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS




Source 
www.fbi.gov