Data Highways Support Site.

Bill Williams (IT): Support Site

[home] | [profile] | [register] | [help] | [Contact Us]

[Sections] [Virus Warnings] this page	Virus Warnings	[Tell someone about this]

By	Internet Doomsday...The DNS Changer Virus
Bill Williams	Uploaded - 26 Apr 2012 15:53 A virus has been circulating on the Internet which affects Windows, Macs and Mobile Smartphones; the virus changes the settings in your computer/phone so that it no longer uses the DNS server entry supplied by your broadband supplier, but one run by cyber criminals. DNS servers provide to the internet the same sort of service that Directories enquiries provide to the ordinary telephone system i.e. they convert the name you are seeking into the corresponding number. For certain web sites, the fake DNS servers gave you a fake number instead, which sent you to a criminals webpage, which worked as normal, but could have been stealing information and advertising revenue from you. The FBI and Estonian officials caught the criminals and shut down the fake DNS servers, by substituting a real DNS server for each of the fakes, however they do not want the expense of running them for ever and proposes to shut them off on the 9th July 2012. See Telegraph article, which somewhat exaggerates the problem. http://www.independent.co.uk/life-style/gadgets-and-tech/news/fbi-warns-virus-victims-face-internet-doomsday-7676060.html Link The difficulty is that IF AND ONLY IF, your computer was at some time infected by this virus, after 9th July it will still be trying to use the faked DNS server addresses and so won't be able to connect to any named place on the Internet. It will be like trying to make a phone call with no phone-book and no Directory Enquiries. So if you have any suspicion that you might have been infected you should test your computer BEFORE July 9th. FBI have provided a test; go to this location https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS Link And then click on the relevant URL link in the first column of the table. This will tell you whether or not you are using one of the FAKED servers. Most people will be OK. If you are unfortunate and have been infected, basically you have to remove the virus and then set your computer back to the information that was originally supplied by your broadband supplier. You received this information in a paper letter from your supplier when you had your broadband connected. In many cases it was automatically done for you. If in doubt contact your broadband supplier's help desk. The test page with some additional information is also at: http://www.dcwg.org/detect/ Link and a page pointing to fix tools is at http://www.dcwg.org/fix/ Link ~~~~~~ When clear of the virus, or even if you never had it, you might want to consider setting you computer to use the OpenDNS servers instead, these are nice 'clean' servers, which do the opposite of those crim's servers, for all websites which are known by them to be criminal, the OpenDNS servers won't tell you the address, instead they give you the address of a warning page. Read all about it at: http://info.opendns.com/enterprise-web-filter-free-trial.html?_kk=%2Bopen%20%2BDNS&_kt=14de1171-91ba-4ee8-b850-ac4b3d65148a&gclid=CO7Cr9_j0q8CFQHcfAod9R45HA Link Bill. Revised on 26 Apr 2012
Bill Williams	Uploaded - 27 Apr 2012 00:52 quote: I do wish I knew what this meant. OK, lets have another go at explaining: When you click on an Internet link, or type in an internet address, you are usually typing in a NAME of a web page, such as www.comedy.co.uk But the Internet actually works on NUMBERS (called IP addresses) just like telephones only work with numbers. So behind the scenes, when you click a link containing a NAME, your computer browser program (such as Internet Explorer or Firefox) first of all has to look up the numeric address. It does this by consulting a service (for which it already knows the numeric address) {just like you might call directory enquiries to get a phone number, you have to KNOW the actual number of the Directory Enquiries service; 118 500 for BT, I think}. The Internet look-up facility service is called the "Domain Name Service" DNS and is provided by DNS servers (computers which have whacking great lists of names and their numbers). There are lots of them (all back linked to each other to automatically keep the lists up-to-date). Normally any user uses the DNS server provided by his/her broadband supplier, who has supplied to the user the actual NUMERIC address (not the name) of the 'local' DNS server. If a computer does not know a valid numeric address for a valid DNS server, it is impossible for that computer to visit any NAMED web page, because it will not be able to look up the corresponding numeric address of the web page. The "DNS Changer virus" on an infected computer interferes with that internal recorded number of the DNS server provided by the broadband supplier. The FBI & Estonian authorities removed the fake servers and substituted valid ones so the infected computers continued to work, but when they close down those temporary DNS servers on July 9th any infected computers will need to reset their internal copy of the numeric address to that of a valid DNS server. Bill. Revised on 27 Apr 2012

Internet Doomsday...The DNS Changer Virus

Bill Williams

Uploaded - 26 Apr 2012 15:53

A virus has been circulating on the Internet which affects Windows, Macs and Mobile Smartphones; the virus changes the settings in your computer/phone so that it no longer uses the DNS server entry supplied by your broadband supplier, but one run by cyber criminals.

DNS servers provide to the internet the same sort of service that Directories enquiries provide to the ordinary telephone system i.e. they convert the name you are seeking into the corresponding number.

For certain web sites, the fake DNS servers gave you a fake number instead, which sent you to a criminals webpage, which worked as normal, but could have been stealing information and advertising revenue from you.

The FBI and Estonian officials caught the criminals and shut down the fake DNS servers, by substituting a real DNS server for each of the fakes, however they do not want the expense of running them for ever and proposes to shut them off on the 9th July 2012.

See Telegraph article, which somewhat exaggerates the problem.
http://www.independent.co.uk/life-style/gadgets-and-tech/news/fbi-warns-virus-victims-face-internet-doomsday-7676060.html
Link

The difficulty is that IF AND ONLY IF, your computer was at some time infected by this virus, after 9th July it will still be trying to use the faked DNS server addresses and so won't be able to connect to any named place on the Internet. It will be like trying to make a phone call with no phone-book and no Directory Enquiries.

So if you have any suspicion that you might have been infected you should test your computer BEFORE July 9th.

FBI have provided a test; go to this location
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS Link
And then click on the relevant URL link in the first column of the table.

This will tell you whether or not you are using one of the FAKED servers. Most people will be OK.

If you are unfortunate and have been infected, basically you have to remove the virus and then set your computer back to the information that was originally supplied by your broadband supplier. You received this information in a paper letter from your supplier when you had your broadband connected. In many cases it was automatically done for you. If in doubt contact your broadband supplier's help desk.

The test page with some additional information is also at: http://www.dcwg.org/detect/ Link
and a page pointing to fix tools is at http://www.dcwg.org/fix/ Link

~~~~~~
When clear of the virus, or even if you never had it, you might want to consider setting you computer to use the OpenDNS servers instead, these are nice 'clean' servers, which do the opposite of those crim's servers, for all websites which are known by them to be criminal, the OpenDNS servers won't tell you the address, instead they give you the address of a warning page.

Read all about it at: http://info.opendns.com/enterprise-web-filter-free-trial.html?_kk=%2Bopen%20%2BDNS&_kt=14de1171-91ba-4ee8-b850-ac4b3d65148a&gclid=CO7Cr9_j0q8CFQHcfAod9R45HA Link

Bill.

Revised on 26 Apr 2012

Bill Williams

Uploaded - 27 Apr 2012 00:52

quote:
I do wish I knew what this meant.

OK, lets have another go at explaining:

When you click on an Internet link, or type in an internet address, you are usually typing in a NAME of a web page, such as www.comedy.co.uk

But the Internet actually works on NUMBERS (called IP addresses) just like telephones only work with numbers. So behind the scenes, when you click a link containing a NAME, your computer browser program (such as Internet Explorer or Firefox) first of all has to look up the numeric address. It does this by consulting a service (for which it already knows the numeric address) {just like you might call directory enquiries to get a phone number, you have to KNOW the actual number of the Directory Enquiries service; 118 500 for BT, I think}.

The Internet look-up facility service is called the "Domain Name Service" DNS and is provided by DNS servers (computers which have whacking great lists of names and their numbers). There are lots of them (all back linked to each other to automatically keep the lists up-to-date). Normally any user uses the DNS server provided by his/her broadband supplier, who has supplied to the user the actual NUMERIC address (not the name) of the 'local' DNS server. If a computer does not know a valid numeric address for a valid DNS server, it is impossible for that computer to visit any NAMED web page, because it will not be able to look up the corresponding numeric address of the web page.

The "DNS Changer virus" on an infected computer interferes with that internal recorded number of the DNS server provided by the broadband supplier. The FBI & Estonian authorities removed the fake servers and substituted valid ones so the infected computers continued to work, but when they close down those temporary DNS servers on July 9th any infected computers will need to reset their internal copy of the numeric address to that of a valid DNS server.

Bill.

Revised on 27 Apr 2012

Home

Page.

Implemented by Bill Williams (IT)
based on ASP Forum.

5022
adv19_336.gif