What will happen to your computer March 8?

[tim-from-pa]

DNS changer malware has infected many computers directing them to a bogus DNS server that redirects them to other malicious sites including some with more malware. In addition, the potential for identity theft exists. However, the FBI caught on to this massive scheme and replaced the servers with legit ones (after several arrests) but they are only going to be in operation until March 8. After that, the servers will come down promoting the conspiracy theories that the FBI will "take down the Internet" on March 8 thus leading people to believe this is a ploy to censor the Internet. In fact, if what I am saying is true, the real reason that some people will not be able to access the internet is because the malicious servers replaced by the FBI will no longer exist, and the infected computer will be calling a non-existent DNS server.

As always, I poke fun at Microsoft primarily being the victim of this, but surprisingly even Mac computers can be infected. Unlike Microsoft that can catch such malware by simply turning the computer on (to exaggerate a tad), Macs, Linux, Androids etc. DON'T "catch" this malware. It came as a trojan where the user is tricked into downloading it --- it is said it mostly comes from porn sites that trick the user into downloading a "codec" in order for the porn videos to work. So in fact, the user is to blame in this case. Of course, nobody has that problem here, right? I would expect this to innocently happen only to Microsoft; I'm going to predict 1000:1 Macs.

Here's one of the articles and you can search the web for others like it:

http://reviews.cnet.com/8301-13727_7-57322316-263/fbi-tackles-dnschanger-malware-scam/

 

[Chris]

lol if people buy Microjunk they should buy some aspirin too to deal with all the headaches that go with it.


it wil be interesting how this pans out..

eeeek imagine no net on march 9, will have to read my bible all day instead.

I will also fast in mourning.

 

[th1b.taylor]

I do my best to convert folks to some form of Linux or if they insist on purchasing an OS to also buy a Mac but if AT&T were to go down I would be grounded any way. But it would not be because of a virus attack. I run my firewall and ClamAV now but for the first two years I ran Ubuntu 7.10 and version 8.04 without either to test the claims without incident. My Granddaughter is in collegeworshipping and runs OSX on her MAC Book with no trouble to this point. I tell her all the time that this is because it runs on the same Unix core that Linux runs on. Of course it does, I'm told and that would be a good part, I believe, of the reason for the stability of the system.

 

[Chris]

Thib if your daughter has a mac she also has no problems. Its pretty rare. I think us mac users are no longer Fanboys we are just sensible.

I run my router through a different dns to my ISP anyway. I am not sure how it will afect that.

 

[tim-from-pa]

Yeah, like I said, Mac, Linux, Android and those with similar platforms had to have the user knowingly download such malware by trickery and social engineering. Here on my Ubuntu, I only use the repository for my software. But Microsoft may have gotten this malware with the usual innocent surfing without the porn for all we know --- that's possible.

 

[Vic C.]

I believe this may be a simple solution for those who know how to do it:

Find out which DNS IP addy(s) are used by your ISP. Manually configure your router and PC to use this number for DNS. Windows will allow you to at least manually add a primary and secondary number. Other OSs may allow for multiple entries.


Or you can use one (or both) of Google's public DNS servers. 8.8.8.8 ans 8.8.4.4 .

Try not to use 4.2.2.2 unless you are a Level3 customer.

 

[tim-from-pa]

I believe this may be a simple solution for those who know how to do it:

Find out which DNS IP addy(s) are used by your ISP. Manually configure your router and PC to use this number for DNS. Windows will allow you to at least manually add a primary and secondary number. Other OSs may allow for multiple entries.


Or you can use one (or both) of Google's public DNS servers. 8.8.8.8 ans 8.8.4.4 .

Try not to use 4.2.2.2 unless you are a Level3 customer.

I know what you are saying, Vic, but from what I read any manual entry of preferred DNS servers is only temporary, and the malware will erase and re-enter the infected DNS servers (that were taken down).

Case in point, back in my Microsoft days, I used to take out the startup options for certain applications in my msconfig. Upon reboot they were just re-entered again, so I gave up. However, this was a legit application that I needed, so I could not uninstall it --- but I hated that it used more resources. (I think one was Quiktime or one of those). There's something, I presume in the registry (as you well know are zillions of values, keys etc that can change the behavior of the computer to do what the application wants). The same is the case with this virus. It will just re-enter the DNS settings unless the virus is removed. I hear this is a doozie and most people will probably have to shell out a lot of money to get their PC's fixed.

 

[Vic C.]

I guess my point was, if you manually set it and then you see it was changed, you know you have a problem. Of course, removing the malware or virus is the solution.

Me, if I was to get infected on my Windows P and I can't remove the infection, I just reinstall. :D

 

[Vic C.]

This may not have anything to do with this topic, but I advise all Windows users to disable UPnP. If you don't what that is, go here:

http://www.grc.com/unpnp/unpnp.htm

But you don't need their software to do it. It's easy and any number of us here can show you how to do it. Your PC account will probably have to be an administrator account or esle, log in as an administrator.

I would also recommend you turn it off in your router, if your router supports it.

 

[tim-from-pa]

I guess my point was, if you manually set it and then you see it was changed, you know you have a problem. Of course, removing the malware or virus is the solution.

Me, if I was to get infected on my Windows P and I can't remove the infection, I just reinstall. :D

Yes, you're right there, Vic. As a matter of fact, there's some sites with articles that list the IP addresses of those malicious DNS servers and if you see them on your computer you know you are infected. Also, there is a test site that checks your computer and if it's green you are OK. If it's red you are infected. (My Ubuntu computer here showed green ).

Everyone here can Google those articles to find the links if they so desire (or if you want privacy then "startpage" those links ). But I just wanted to point that out to everyone. As much as I bash Microsoft, I would wager only a few PC users in the minority here will actually have that problem, and probably no Mac users (or very, very, few) and definitely no Linux users because as far as I know the malware was not written for Linux. As I stated, I think this will be a "Y2K" type issue --- only a few that have sloppy habits.

 

[tim-from-pa]

OK, if there's any computer infectees out there, you now have until July 8. In addition, the article has that DNS tester that I was talking about in the previous post.

http://www.csoonline.com/article/701652/dnschanger-victims-get-extension-until-8-july

 

[tim-from-pa]

It's no longer March 8, but July 9. I thought I'd resurrect this thread.

Hopefully, we won't have any missing members here. I'll be here (Lord willing) but if not, it won't be because this computer got a virus, or any virus. No. It'll be for some other reason.