DNSchanger - Internet to suddenly go off for 350000 Windows users on 9-7-12

Apparently DNSchanger was Windows malware that changed Windows DNS network settings so an affected PC would connect to bogus DNS servers, which were resolving entered URLs to the IPs of malicious sites.

The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet.

Under a court order, expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network. This will allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines.

The FBI with the help of European agencies arrested the people who were running the DNS servers, and so that the millions of affected machines weren’t immediately disconnected from the internet, they replaced the DNS servers with correctly configured ones.

Problem is, the FBI are now saying they are finding the running of the “real” DNS servers too expensive … so are going to pull the plug on the 9th July 2012 (they were originally going to pull the plug in March, but revised the date).

Reversing the changes made by DNSchanger is very easy, there are plenty of tools for automatic removal available … though the FBI say that the number of affected machines has dropped sharply from “millions”, there still appears to be 350,000 machines affected.

Links (just in case you don’t believe it … I thought it was a joke at first):

I still have a Windows partition.

My first reaction would have been “serves them right for using Windows” but then I realised that there is no mention in that article (first link) of Windows as such. Just PC, which would imply all computers could be infected. It neglects to tell that this virus is only affecting Windows machines.

You’re right, but I reckon that’s just them thinking ALL PCs run Windows.

DNSchanger is of course, Windows specific :slight_smile:

That is what I thought, then did some searching on the web and have yet to find an article that actually points out that it is only affecting Windows. Ignorance is bliss.

See here:
OK, that’s TDSS, TidServe, and Alureon taken care of … listed as Win32 Rootkit(s)

TDL4 is just another of the names it’s known by … it’s DEFINITELY a Win32 rootkit.

Google any of those names … you’ll see what I mean :wink:

You are right of course.
But I have no problem with recognizing the issue at hand. My concern is that (most of) the mainstream press is reporting it in a way that the Microsoft OS is not implicated in any way as being the only OS that is vulnerable.
Is this “being nice” to Microsoft or is it “being ignorant”?

Ahh … I see your point. (sorry, I must have been having a thick moment there)

I’m going to give them the benefit of the doubt, and assume they consider it a non-question in an “of course it’s a Windows virus, aren’t they all” kind of way :slight_smile:

Get ready for the fallout from the computer-challenged Facebook & Twitter addicts.
It’ll be mass rage/cigarette huffing/withdrawals, and confusion overall due to not being able to draw completely unrelated pictures on the ‘draw something’ app, update their status and the rest of that crap.
But then both us hobby and professional techies will be on the end of it, required to jump at the request of their demand no doubt. Have always charged a can of Redbull per fixing whatever problem it is, no one ever does it so they can do it themselves.

This Win virus sounds like the next ‘MS Blaster’ if anyone remembers that.

Not just me that rants about the fekbook aficionados then :wink:

Can of Redbull for rootkit removal … you’re cheap :wink: … I know this particular rootkit is quite an easy fix, but it’s only easy if you know how … they’re paying for a skill they don’t possess … and this is one piece of malware they’ll not be able to ignore, I say “make em pay”, Mwuhahahah :o

If anyone is using Windows (or dual boot) and wants to know if DNSchanger is affecting their PC, apparently OpenDNS will pick it up.
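
A local way to do the same check, as an added example that is not part of the original posts: it reads the DNS servers out of English-language `ipconfig /all` output and flags any that fall inside a list of rogue ranges. The ranges and the sample output below are placeholders constructed for illustration, and the function names are hypothetical; substitute the ranges published in an authoritative advisory.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), NOT the real rogue
# DNS ranges; substitute the ranges from an authoritative advisory.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in
                    ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 10.0.1.1
"""

def dns_servers_by_adapter(text):
    """Return {adapter: [resolver IPs]}, following continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if line[:1].strip() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False  # new adapter block
        elif m and adapter:
            result.setdefault(adapter, []).append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            result[adapter].append(line.strip())  # extra resolver, no label
        else:
            in_dns = False
    return result

def rogue_resolvers(text, ranges=ROGUE_DNS_RANGES):
    """Return [(adapter, ip)] for resolvers inside any listed range."""
    hits = []
    for adapter, servers in dns_servers_by_adapter(text).items():
        for s in servers:
            ip = ipaddress.ip_address(s.split("%")[0])  # drop IPv6 zone id
            if any(ip in net for net in ranges):
                hits.append((adapter, s))
    return hits

if __name__ == "__main__":
    print(rogue_resolvers(SAMPLE_IPCONFIG))
```

A clean result here only covers the PC's own adapter settings; the DNS servers handed out by the home router need checking separately.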