Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Make sure "DNS Changer Malware" isn't infecting your MS or Linux system(s).
Another DU thread on this here: http://www.democraticunderground.com/10952045
What is the DNS Changer Malware?
On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in Operation Ghost Click. The criminals operated under the company name Rove Digital, and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses. You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release.
What does the DNS Changer Malware do?
The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet.
Under a court order, expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network. This will allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines.
How Can I Protect Myself?
This page describes how you can determine if you are infected, and how you can clean infected machines. To check if youre infected, Click Here. If you believe you are infected, here are instructions on how to clean your computer.
On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in Operation Ghost Click. The criminals operated under the company name Rove Digital, and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses. You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release.
What does the DNS Changer Malware do?
The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet.
Under a court order, expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network. This will allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines.
How Can I Protect Myself?
This page describes how you can determine if you are infected, and how you can clean infected machines. To check if youre infected, Click Here. If you believe you are infected, here are instructions on how to clean your computer.
More at The DNS Changer Working Group (read the whois under the About/Contact tab at the Home page): http://www.dcwg.org/
InfoView thread info, including edit history
TrashPut this thread in your Trash Can (My DU » Trash Can)
BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks)
3 replies, 5045 views
ShareGet links to this post and/or share on social media
AlertAlert this post for a rule violation
PowersThere are no powers you can use on this post
EditCannot edit other people's posts
ReplyReply to this post
EditCannot edit other people's posts
Rec (2)
ReplyReply to this post
3 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
Make sure "DNS Changer Malware" isn't infecting your MS or Linux system(s). (Original Post)
Amonester
Apr 2012
OP
Important information.
bemildred
(90,061 posts)2. Green, thanks. nt
karnac
(564 posts)3. Linux is vulnerable indirectly
IF you have multiple platforms on your home network like I do(Linux,Win7,XP,OSX),
the virus might be able to change dns settings on your router from an infected machine.
If so, your uninfected machines might still wind up connecting to fake malicious sites.
This should be preventable by making SURE you have changed the default router login/password to something not too obvious. Not talking about wifi keys. that's another unrelated issue.