Windows 7 - Computers Infected By 'DNS Changer' Trojan Malware Will Lose Internet Access Monday
Asked By Adam on 07-Jul-12 11:58 AM
Computers Infected By 'DNS Changer' Trojan Malware Will Lose Internet Access
Monday ...
http://medford.patch.com/articles/fbi-computers-infected-by-trojan-malware-will-lose-internet-access-monday
Adam replied to Adam on 07-Jul-12 12:02 PM
Internet blackout for thousands coming Monday ...
http://money.cnn.com/2012/07/06/technology/dnschanger/index.htm
GlowingBlueMist replied to Adam on 07-Jul-12 12:12 PM
We can only hope that those stupid enough to get or rather allow their
computer to remain infected after all the notifications are down for at
least a week.
With luck those that remain online will have sense enough to ignore the
phone calls asking for help from those stupid twits... ;)
Evan Platt replied to GlowingBlueMist on 07-Jul-12 12:49 PM
I have a feeling there will be 0 posts to google groups Monday... :)
--
To reply via e-mail, remove The Obvious and .invalid from my e-mail address.
David H. Lipman replied to Adam on 07-Jul-12 01:45 PM
They will STILL access the Internet just will not do name to IP address
resolution.
--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
Joe from NY replied to GlowingBlueMist on 07-Jul-12 03:20 PM
Where is the damn 'like' button here... :)
--
Joey from New York
Among those whom I like or admire, I can find no common denominator,
but among those whom I love, I can: all of them make me laugh.
-- WH Auden
glee replied to Evan Platt on 07-Jul-12 04:35 PM
Adam replied to GlowingBlueMist on 07-Jul-12 04:44 PM
Oh, that is harsh! There is such a thing as internet withdrawal, ya know.
Jeff Liebermann replied to GlowingBlueMist on 07-Jul-12 06:08 PM
Nope. People like me will more than happily rescue the clueless, for
a price. If it were not for malware, spyware, phishing, buggy apps,
buggy operating systems, defective hardware, and FUD, I would be out
of business[1]. If I were unethical, unscrupulous, evil, dastardly,
greedy, etc, I would probably write malware for distribution.
Unfortunately, I am a lousy programmer, so that is not going to make me
wealthy.
Maybe I should write a book... "The Zen of Computer Repair, or how I
learned to deal with computah users and still remain sane".
Good idea. I do not need any competition.
Every time there is media attention to a virus set to explode on some
specific date, my phone rings. My purpose in fixing computahs is to
keep the phone from ringing. If someone calls, it is often about
something that I did wrong or missed. I do not like phone calls.
Before the day of impending doom, my email is filled with customers
asking "Do I have the DNS Changer trojan"? On Monday, I expect to get
calls such as "My computer will not turn on. Is it the DNS Redirector
trojan"? Eventually, they remember to flip the switch on the power
strip or UPS. It is dumb, but I like the easy stuff.
[1] Company motto: If this stuff worked, you would not need me.
--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Tony replied to Adam on 07-Jul-12 07:47 PM
What if you turn your clock or calendar back? Does that buy you more time?
--
The Grandmaster of the CyberFROG
Come get your ticket to CyberFROG city
Nay, Art thou decideth playeth ye simpleton games. *Some* of us know proper manners
Very few. I used to take calls from *rank* noobs but got fired the first day on the job for potty mouth,
Bur-ring, i'll get this one: WHAT'S YOUR PROBLEM JERK!!? We're here to help you dickweed, ok, ok give the power
cord the jiggily piggily wiggily all the while pushing the power button repeatedly now take everything out of
your computer except the power supply and *one* stick of ram. Ok get the next sucker on the phone.
Deirdre Straughan (Roxio) is a LIAR (Deirdre McFibber)
There is the employer and the employee and the FROGGER and the FROGEE, which one are you?
Hamster is not a newsreader it is a mistake!
El-Gonzo Jackson FROGS both me and Chuckcar (I just got EL-FROG-OED!!)
All hail Chuckcar the CZAR!! Or in F-R-O-Gland Chuckcar laFROG laCZAR, ChuckZar!!
I hate them both, With useless bogus bullshit you need at least *three* fulltime jobs to afford either one of
them
I am a fulltime text *only* man on usenet now. The rest of the world downloads the binary files not me i cannot
afford thousands of dollars a month
VBB = Volume based billing. How many bytes can we shove down your throat and out your arse sir?
The only "fix" for the CellPig modem is a sledgehammer.
UBB = User based bullFROGGING
Master Juba was a black man imitating a white man imitating a black man
Always do incremental backups of your data or you will end up like the A-Holes at DSL Reports. Justin says i made
a boo-boo. Yeah boo-who.
Updates are for idiots. As long as the thing works there is no reason to turn
schizophrenic and develop a lifelong complex over such a silly issue.
Adrian "jackpot" Lewis is a mama's boy!
Jimmy Fricke is good for the game of poker
Using my technical prowess and computer abilities to answer questions beyond the realm of understandability
Regards Tony... Making usenet better for everyone everyday
This sig file was compiled via my journeys through usenet
(PeteCresswell) replied to Jeff Liebermann on 07-Jul-12 07:52 PM
Per Jeff Liebermann:
Which utility for connecting to the user's desktop do you favor?
--
Pete Cresswell
David H. Lipman replied to Tony on 07-Jul-12 08:05 PM
LOL - No. It is irrelevant to the DNS Protocol and what servers you use.
--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
J. P. Gilliver (John) replied to David H. Lipman on 07-Jul-12 08:19 PM
Yes, but if this "DNS Changer" Trojan (is it a trojan?) triggers on
Monday, then it must find out from somewhere that it _is_ Monday.
Presumably it uses an online timeserver, but this is only a presumption:
the question is valid!
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
I believe the cake has got to be sliced up to help those who are needy and
you have got to keep someone there who is going to make the cake. Here we always
destroy the people who make the cake. - Michael Caine (MM), RT, 7-13 Nov 2009.
Sam Hill replied to J. P. Gilliver (John) on 07-Jul-12 08:27 PM
No, on Monday morning the FBI technician is going to lean over and pull
the power plug from the wall outlet. No timeserver is needed.
If he calls in sick on Monday, your computer may last for another day.
Gene E. Bloch replied to Tony on 07-Jul-12 08:42 PM
Read Sam Hill's reply in the subthread. It is both correct and clever.
The DNS redirection is occurring at a server which belongs to the FBI,
and which the FBI is about to repurpose.
Once that happens, any flawed computers will no longer get redirected to
that server, and their misdirected addresses will not be fixed any more.
This is happening out in the cloud, not in your computer.
--
Gene E. Bloch (Stumbling Bloch)
Jeff Liebermann replied to (PeteCresswell) on 07-Jul-12 08:56 PM
TeamViewer:
Windoze, Mac, Linux, iphone, iPad, and Droid versions.
Free for non-commercial use. $749 for a biz license.
--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
danny burstein replied to Tony on 07-Jul-12 09:14 PM
[snnnip]
And, of course, what happens if the folk are using a VOIP
system that hooks up through their computer? Does this
mean they cannot call for help to get their phone working?
--
_____________________________________________________
Knowledge may be power, but communications is the key
dannyb@panix.com
[to foil spammers, my address has been double rot-13 encoded]
David H. Lipman replied to J. P. Gilliver (John) on 07-Jul-12 09:26 PM
No. There is no "trigger date". The DNSChanger trojan changes the DNS
Table of computers and SOHO Routers. That change was in effect subsequent
to a reboot upon infection.
The ONLY concept about Monday is that the DNS Servers tied to the IP
addresses where the malicious DNS Servers were will be taken down. That's it.
End of story.
--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
Nightbreaker replied to Adam on 07-Jul-12 09:28 PM
Good, that will free up the Internet for the rest of us!
David H. Lipman replied to danny burstein on 07-Jul-12 09:29 PM
IFF they had been infected by the DNSChanger trojan and the DNS server table
had not been corrected then if they need DNS Services then there may be
service interruption. However if the VoIP device has hard coded addresses,
or they were never infected, no.
--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
J. P. Gilliver (John) replied to David H. Lipman on 08-Jul-12 03:34 AM
I do not understand the above "sentence" (-:.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
Santa's elves are just a bunch of subordinate Clauses.
John Williamson replied to J. P. Gilliver (John) on 08-Jul-12 04:04 AM
The trojan works by redirecting DNS requests by infected computers and
routers to a server which is currently controlled by the FBI, having
been removed from the control of the bad guys some months ago. This
server directed certain address requests to malware or advertising
sites, effectively hiding the correct websites from the user.
This nameserver will be disconnected from the internet on Monday 9th
July. As a result, all computers and routers that are using it as their
default or only nameserver will be unable to look up the IP addresses
for websites.
If you have sites which you access by typing in the IP address directly,
you will not be affected, If you have made sure that you use your ISP's
nameserver, you will not be affected. If you are deliberately using
something like 8.8.8.8 or one of the other public nameservers, you will not
be affected.
If your security programs are up to date, you will not be affected, as this
exploit has been fixed by all of them a long time ago.
--
Tciao for Now!
John.
J. P. Gilliver (John) replied to John Williamson on 08-Jul-12 04:18 AM
Thanks - a most clear explanation.
Kind of the FBI to help out for as long as they did!
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
The sun, with all those planets revolving around it and dependent upon it, can
still ripen a bunch of grapes as it if had nothing else in the universe to do.
-Galileo Galilei, physicist and astronomer (1564-1642)
glee replied to Jeff Liebermann on 08-Jul-12 08:29 AM
Absolutely agree.... TeamViewer.
--
Glen Ventura
MS MVP Oct. 2002 - Sept. 2009
CompTIA A+
Ken Blake replied to glee on 08-Jul-12 09:55 AM
I will add my vote for TeamViewer to yours.
Big Steel replied to Adam on 08-Jul-12 12:42 PM
Monday will come and pass. It is just another doomsday that will not
amount to much.
J. P. Gilliver (John) replied to Ken Blake on 08-Jul-12 12:47 PM
And mine. I have used it (from this XP netbook) to sort out friends on XP,
Vista, and 7. (The XP and 7 users are blind, to boot.)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
If you do not know how to orient your card to swipe it through the reader, the
checkout person will say, "Strip down, face toward me." (DNRC newsletter 1997)
Adam replied to J. P. Gilliver (John) on 08-Jul-12 02:28 PM
Also, for those with a router, it is safer to "not" use the factory password
provided by
the manufacturer. Change the password to something more secure to
prevent malware from breaking into your router/network.
Routers probably should ship with a more unique password instead of
one factory password for all routers of the same make/model.
That's one way the malware was breaking in and changing the DNS settings.
Big Steel replied to Adam on 08-Jul-12 03:06 PM
The dumb user should know to change it.
SC Tom replied to Big Steel on 08-Jul-12 04:20 PM
Kinda like the Y2K scare; my boss made me come back early from vacation for
that one. But that was all right- I got triple time for eight hours, plus
two extra vacation days for that one :-)
--
SC Tom
Big Steel replied to SC Tom on 08-Jul-12 04:39 PM
Maybe you can convince your boss that the activation period is wrong,
and it will happen next Saturday so you can collect again. :)
Warren Oates replied to Adam on 08-Jul-12 06:02 PM
Really? I had no idea.
--
... do not cover a warm kettle or your stock may sour. -- Julia Child
Gene E. Bloch replied to SC Tom on 08-Jul-12 06:54 PM
Part of why the Y2K problem was not so bad is that a lot of people,
including me, worked hard to fix a lot of systems beforehand.
They ended up getting scorn instead of credit for their work.
I guess that is better than a world-wide collapse :-)
--
Gene E. Bloch (Stumbling Bloch)
glee replied to Gene E. Bloch on 08-Jul-12 06:59 PM
Adam replied to Warren Oates on 08-Jul-12 10:10 PM
Well, that is one way the crooks got millions of $$$$.
Adam replied to Adam on 08-Jul-12 10:14 PM
Tech support even told me not to change the factory password when
I was on the phone with them once. Change it anyways.
SC Tom replied to Gene E. Bloch on 08-Jul-12 11:03 PM
I think that was part of the reason I got that nice bonus for cutting my
vacation short. I put in many a night before 1/1/2000 getting all the
systems updated with the necessary Windows updates, etc., etc. The main
reason they had me come in on the first was to make sure it *was not* a
company-wide collapse, that everything was still running as it should. But
hey, if they want to give me extra time and money for it, who am I to
refuse? Besides, I felt I earned it anyhow. They were a good company to work
for; had a real "family" atmosphere throughout the organization.
--
SC Tom
SC Tom replied to Big Steel on 08-Jul-12 11:06 PM
I am retired now, and they closed their local plant about a year ago, but
with the popularity of Facebook and some of the other communities among the
engineers and office personnel, I'm sure I could have. They would not have
needed to know that it was probably all good anyhow with the protection we
ran ;-)
--
SC Tom
Big Steel replied to SC Tom on 09-Jul-12 01:14 AM
I just got back from the grocery store, I still have Internet access,
and it is a big fizzle on doomsday so far. :)
BobbyM replied to Big Steel on 09-Jul-12 01:55 AM
The likelihood of any person being infected by this malware is less than
1/2 of 1 percent.
Zaphod Beeblebrox replied to Gene E. Bloch on 09-Jul-12 08:13 AM
I hear ya, I was also part of the effort to make sure it was a non-
event. Next time, I say we let disaster happen, and become heroes by
saving the world...
Never mind, we will still get scorn because we did not prevent it.
Sigh. Don't see how we can win...
--
Zaphod
Adventurer, ex-hippie, good-timer (crook? quite possibly),
manic self-publicist, terrible bad at personal relationships,
often thought to be completely out to lunch.
Chris Davies replied to BobbyM on 09-Jul-12 08:15 AM
One in 200? I should hope it is *considerably* less than that.
Chris
Barry Schwarz replied to Zaphod Beeblebrox on 09-Jul-12 01:01 PM
snip
Why is this a surprise? Look at the number of people who argue
against vaccinations because "the disease they prevent does not occur
that often".
--
Remove del for email
Angel replied to Barry Schwarz on 09-Jul-12 03:05 PM
I got one of those calls from someone that they were a Microsoft Tech. That
they were alerted to the malware in my computer. That it was done without my
knowledge. He wanted to fix it for me. No, I did not fall for it. For one
thing, Microsoft Techs do not call you. You call them. I was not born
yesterday!!
Gene E. Bloch replied to Adam on 09-Jul-12 05:18 PM
Which company was that? ...If you are willing to say :-)
That story sounds to me like a good reason to avoid that company's
routers.
--
Gene E. Bloch (Stumbling Bloch)
Gene E. Bloch replied to Zaphod Beeblebrox on 09-Jul-12 05:21 PM
Yeah. We cannot even hope for a plain old zero-sum game :-)
--
Gene E. Bloch (Stumbling Bloch)
BobbyM replied to Chris Davies on 09-Jul-12 06:27 PM
Sorry, left out a decimal point. It should be less than 1 in 2000.
This is based on old data, assuming there are 1 billion computers in the
world & using the estimated number of computers that were infected in
Nov 11. There are significantly more computers than that now &
supposedly 100,000 or so fewer infected computers, which would reduce
the odds even further that any particular computer is infected.
Adam replied to Gene E. Bloch on 09-Jul-12 06:53 PM
No names but it is one of the top selling wireless routers that I recently
bought.
It may have been just that one tech support person's slight oversight.
meagain replied to David H. Lipman on 09-Jul-12 07:17 PM
Yes.
> just will not do name to IP address resolution.
No. They will be sent to probably wrong IP!
Gene E. Bloch replied to Adam on 09-Jul-12 07:32 PM
Let's hope :-)
--
Gene E. Bloch (Stumbling Bloch)
David H. Lipman replied to meagain on 09-Jul-12 07:47 PM
No. The DNS Servers were shutdown thus the DNS calls will go unanswered.
--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
Good Guy replied to Adam on 09-Jul-12 08:34 PM
Ya!! It is a complete meltdown all over the world and they got it right
once again!!!!!!!!!!!!!!!
Now let us get back to some serious work!
--
Good Guy
Website: http://mytaxsite.co.uk
Website: http://html-css.co.uk
Forums: http://mytaxsite.boardhost.com
Email: http://mytaxsite.co.uk/contact-us
Good Guy replied to Angel on 09-Jul-12 08:36 PM
So when were you born?
--
Good Guy
Website: http://mytaxsite.co.uk
Website: http://html-css.co.uk
Forums: http://mytaxsite.boardhost.com
Email: http://mytaxsite.co.uk/contact-us
danny burstein replied to David H. Lipman on 10-Jul-12 12:13 AM
At least one of the big ISPs supposedly [a] will be
redirecting those DNS requests to its own servers.
Which in some ways raises more concerns than it solves...
[a] news reports, for what they are worth, about AT&T
--
_____________________________________________________
Knowledge may be power, but communications is the key
dannyb@panix.com
[to foil spammers, my address has been double rot-13 encoded]
meagain replied to danny burstein on 10-Jul-12 07:09 AM
Not true. The "FBI's DNS Servers" were shutdown. The rest of the world's DNS servers
continue to work AOK.
A decent ISP response, but basically unneeded except for customer satisfaction.
Such as?
Barry Schwarz replied to Gene E. Bloch on 10-Jul-12 12:50 PM
The 1st law of thermodynamics says you cannot win.
The 2nd law says you cannot break even.
The 3rd law says you cannot quit the game.
--
Remove del for email
Char Jackson replied to meagain on 10-Jul-12 02:11 PM
FYI, David H. Lipman is quite knowledgeable in this area and is well
aware that it was the FBI-run DNS servers that were being shut down. I
think if you review the context of David's statement above, you will
clearly see that.
--
Char Jackson
David H. Lipman replied to meagain on 10-Jul-12 02:33 PM
The same miscreant who had ESTDomains created the DNSChanger trojan. The
DNSChanger trojan (sometimes protected with a rootKit) would alter the DNS
Table of computers and poorly secured or insecure SOHO Routers.
The malicious DNS Servers were setup in the following ranges...
93.188.160.0 ~ 93.188.167.255
77.67.83.0 ~ 77.67.83.255
85.255.112.0 ~ 85.255.127.255
213.109.64.0 ~ 213.109.79.255
67.210.0.0 ~ 67.210.15.255
64.28.176.0 ~ 64.28.191.255
The US FBI took over DNS Servers at those address spaces. It is those that
were shutdown.
If a victim had been infected with the DNSChanger trojan then their IP
addresses in the DNS Table would have been altered to addresses within that
space. If a victim had not corrected their respective systems prior to the
FBI's takedown of the servers then those who had been using them would no
longer perform name to IP address resolution and then all DNS calls from an
affected computer would have gone unanswered.
From the POV of an infected/affected user, all other DNS servers on the 'net
are a moot point.
--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
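The two explanatory posts above (John Williamson's description of the redirection, and David H. Lipman's list of the address ranges the rogue servers occupied) boil down to one practical check: are any of the DNS servers a machine is configured to use inside those ranges? The script below is an added example and is not code from any poster in this thread. It takes the six first~last ranges exactly as listed in the post, collapses them to CIDR blocks, and scans the text of a Windows `ipconfig /all` dump for configured DNS servers. The `ipconfig` output embedded in it is constructed for the example, and the assumption about its layout (first server on the `DNS Servers . . . :` line, further servers on indented continuation lines) is what the parser relies on.

```python
import ipaddress
import re

# Address ranges of the rogue DNS servers, as listed in the post above (first ~ last).
ROGUE_RANGES = [
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("85.255.112.0", "85.255.127.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("64.28.176.0", "64.28.191.255"),
]

# Collapse each first~last pair into CIDR blocks once, so membership tests are cheap.
ROGUE_NETWORKS = [
    net
    for first, last in ROGUE_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
]


def is_rogue_dns(server):
    """True if `server` is an IPv4 address inside one of the listed rogue ranges.

    Anything that is not a valid address (or is IPv6, which the ranges do not
    cover) is reported as not rogue rather than raising.
    """
    try:
        addr = ipaddress.ip_address(server.split("%")[0])  # drop an IPv6 zone index like %12
    except ValueError:
        return False
    if addr.version != 4:
        return False
    return any(addr in net for net in ROGUE_NETWORKS)


def dns_servers_from_ipconfig(text):
    """Pull every configured DNS server out of `ipconfig /all` output.

    Assumed layout: the first server sits on the 'DNS Servers . . . :' line and
    any further servers follow on indented lines containing only an address.
    """
    servers = []
    in_dns_block = False
    for line in text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)\s*$", line)
        if first:
            servers.append(first.group(1))
            in_dns_block = True
            continue
        cont = re.match(r"\s+(\S+)\s*$", line) if in_dns_block else None
        if cont:
            servers.append(cont.group(1))
        else:
            in_dns_block = False  # any other field, blank line or header ends the block
    return servers


def rogue_servers(text):
    """Return the configured DNS servers that fall inside the rogue ranges."""
    return [s for s in dns_servers_from_ipconfig(text) if is_rogue_dns(s)]


# Constructed sample of `ipconfig /all` output (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.112.36
                                       93.188.160.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       8.8.8.8
"""

if __name__ == "__main__":
    for server in dns_servers_from_ipconfig(SAMPLE_IPCONFIG):
        print(f"{server:<24} {'ROGUE RANGE' if is_rogue_dns(server) else 'ok'}")
```

The check is on configuration, not connectivity, which is the point David makes: once the servers in those ranges were switched off, an affected machine's lookups simply go unanswered, so "my browser times out" tells you nothing about why. On a real machine, run `ipconfig /all` and feed the output to `rogue_servers`; remember that the DNS setting a Windows box shows is often just the router's LAN address, so the router's own WAN DNS settings need the same check against the ranges.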
Robin Bignall replied to Good Guy on 10-Jul-12 05:07 PM
In my case, about the same time as my tongue, and somewhat earlier than
my teeth.
--
Robin Bignall
Herts, England