Internet doomsday' a ticking time bomb - ACMA

[Cute Prince101]

Hi Guys

I want to Just to inform you all that i while i was on my lunch break at the office and watching the news on one of my local tv stations today, they mentioned a serious disruption of the whole entire internet across the world including my country Australia.

Here is article i found online regarding about this

MILLIONS of internet users worldwide could be taken offline on Monday by a virus hidden on their computers for more than a year.

The Australian Communications and Media Authority (ACMA) is warning users about a piece of malicious software known as a "Domain Name System Changer" or "DNSChanger" secretly installed by Estonian hackers.

The malware lets the hackers control the DNS – the system which lets users access the internet and send email – for criminal activities including fraud.

US and Estonian authorities have been working on the problem since last November, with the FBI arranging temporary control of the infected servers to let users keep accessing the web.

This temporary arrangement ends at 2.00pm (AEST) on Monday, July 9, when computers hit by the DNSChanger will no longer be able to access internet services, according to the Internet Systems Consortium, the organisation which controls the operations of the web.

The ACMA estimates about 6000 Australians will be affected.

Manager of e-Security at ACMA, Bruce Matthews told news.com.au that though they have been warning people about this since March, it’s likely some people will still be left without internet come Monday.

“We anticipate that many internet users will be confused about why they are unable to use internet services after this date and are likely to contact their ISP to query their lack of availability of internet services,” Mr Matthews said.

To prepare for this, the ACMA along with the Computer Emergency Response Team Australia (CERT) and the Australian Department of Broadband Communications have come up with an easy tool to let you to find out if your computer is infected and give you with tools to remove it.

Read more: http://nullrefer.com/?http://www.ne...g-time-bomb-acma/story-e6frfro0-1226418741284

& Here is another article i found about the topic

http://nullrefer.com/?http://www.ne...-internet-access/story-e6frfkui-1226419308853

I hope all the information above helps my dear :heart: friends & Everyone:heart::big hug:

& I hope you all have a nice Day/Evening/Weekend where you are now & Take extra care of yourselves

Yours Sincerely:heart:

Cute Prince101:cheers:

:heart::heart:

 

[gb2000ie]

This is actually a good thing!

There are millions of people who are INFECTED with a virus, but UNAWARE THEY HAVE A PROBLEM. A hidden problem will never get fixed. The DNS servers should never have been left up for a year.

Ultimately, this is nothing for anyone to worry about if they taken even the slightest bit of care of their computer.

This is an old virus, it is know to all AV companies, so grab a legit free AV product like ClamWin or AVG, give yourself a scan, and you'll be grand.

Also, google have been alerting infected users in their search results for a few weeks now.

This is FAR FAR FAR from doomsday - lighten up!

B.

 

[JamesK]

DNSChanger: just click

http://nullrefer.com/?http://www.dns-ok.de/

http://nullrefer.com/?http://www.dnschanger.eu/en/check.html

without Proxy

 

[RefixnarcisM]

So basically (just put me in 'person who live in the middle age' box) this virus is only active if the person have a Internet connection on their PC/smart phone or any kind of gadget that can be use to browsing and so. What will be happen if the person by some accident download a file that containing the virus but that person doesn't have an Internet connection in their house? Does this virus will do harm for the PC like damaging the software or so? How about the smart phone user? Does it have a same damage also?

 

[slimjim]

Well don't panic !!... the 1st thing to do is to check your PC by using one of the links that JamesK has provided, or you could use this one :

http://nullrefer.com/?http://www.dns-ok.us/

if the graphic has a green background your PC is NOT affected, if it's red you will need to do a full/deep scan with your anti-virus software.

 

[bafm]

So basically (just put me in 'person who live in the middle age' box) this virus is only active if the person have a Internet connection on their PC/smart phone or any kind of gadget that can be use to browsing and so. What will be happen if the person by some accident download a file that containing the virus but that person doesn't have an Internet connection in their house? Does this virus will do harm for the PC like damaging the software or so? How about the smart phone user? Does it have a same damage also?

As gb2000ie correctly said this is an old and well known trojan, basically this virus doesn't damage the pc or software installed in it.

DNSchanger changed the computer’s DNS server settings to replace the ISP’s good DNS servers with rogue DNS servers. Second, it attempted to access devices on the victim’s small office/home office (SOHO) network that run a dynamic host configuration protocol (DHCP) server (eg. a router or home gateway). The malware attempted to access these devices using common default usernames and passwords and, if successful, changed the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals.

Not only were the infected computers using rogue DNS services, but other devices in the household as well, including wifi-enabled mobile phones, tablets, smart TV.. The criminals would change the web content that users downloaded to suit their needs and make money, altering user searches, promoting fake and dangerous products and so on.

Anyway a simple up-to-date antivirus can get rid of it

 

[RefixnarcisM]

What does this virus can do exactly? Like some regular Trojan? Damaging PC's software and so or just making some people can't use their Internet services? Breaking accounts and so? I'm using a local anti-virus for my PC but I'm not so sure if it also can handle this virus.
Well its July 9'th now, so... I guess this Internet cafe where I'm at right now is fine. And I've tried the link either you or JamesK showed, its green.


P.S: Oh there's the answer. Thanks bafm.

 

[jeansGuyOZ]

I saw this reported in last week's newspaper and was surprised there had not been more publicity. Not the "Doomsday is upon us" type of publicity, just basic information about how to check whether you have copped some bad DNS settings and how to fix them.

Since I am posting here, obviously my system survived the holocaust.

 

[XMan101]

Glad to see y'all survived

 

[gb2000ie]

So basically (just put me in 'person who live in the middle age' box) this virus is only active if the person have a Internet connection on their PC/smart phone or any kind of gadget that can be use to browsing and so. What will be happen if the person by some accident download a file that containing the virus but that person doesn't have an Internet connection in their house? Does this virus will do harm for the PC like damaging the software or so? How about the smart phone user? Does it have a same damage also?

To understand the point of DNS changer viruses, and how dangerous they are while their servers are alive, I need to explain what DNS does.

Computers talk to each other based not on human readable names, but by IP addresses. Humans need memorable addresses, so the domain name system was invented, allowing names of the form subdomain.domain.toplevel domain, like www.gayheaven.org. Each time you type gayheaven.org into your browser's address bar (or click on a link to here or a bookmark), the first thing your computer has to do is translate that name into the actual IP address the server is running at, then it contacts that IP address and asks for the page you are going to. That lookup is done by DNS.

A malicious DNS server can return wrong answers. This gives bad-guys GREAT power. They can do things like set up their own fake copy of paypal at their IP address, then send everyone there instead of to the real paypal, and get everyone's usernames and passwords. In THEORY, HTTPS should make this impossible, but how many people actually remember to check for the padlock icon, and how many people just click OK when they get a certificate error? Saddly, most, so this kind of DNS-based "Man in the middle attack" is very effective.

Now - as soon as the authorities take over/out the malicious DNS server the danger passes.

The problem we have is that for the last year, the formerly malicious DNS server was just left on. This means that all the people infected with the virus are still pointing at it, so they have no idea they are infected, and hence have not done anything to fix themselves. When those servers are stopped, they will not be able to convert names to IP addresses. They will have a working internet connection, but it will appear broken. The fix is enter a valid DNS server into your computer's network settings. A good one to remember is that google have a free DNS service running on the IP address 8.8.8.8.

Hope that makes sense.

B.

 

[garth33]

Glad to see y'all survived

whew! I wish there was a forehead swiping smiley - another crisis averted!

I just hope these "DOOMSDAY" scares don't get classified into a "chicken little - the sky is falling' category among computer users and they start to disregard them or not treat them seriously. The threats are very real out there - we all need to be careful...

g

 

[brmstn69]

whew! I wish there was a forehead swiping smiley - another crisis averted!

I just hope these "DOOMSDAY" scares don't get classified into a "chicken little - the sky is falling' category among computer users and they start to disregard them or not treat them seriously. The threats are very real out there - we all need to be careful...

g

:whew::whew::whew::whew::whew::whew::whew::whew:

 

[RefixnarcisM]

@gb2000ie : So it was like this virus linking us to the false web site or like some warning page that there's a problem in the Internet connection? Then make our Internet connection broken forever? And with the virus, people who make this virus could use our bank account passwords or username, even use it to order an item or stuff in the online store then charge it to our account?

 

[slimjim]

Basically the spammers hijack your internet connection for their own purposes, either sending spam or sending you to fake amazon or e.bay sites etc to get your credit card and bank account details etc. ... but as your PC is clean you have NOTHIN to worry about.

As I understand it the F-b-1 have been "re-hijacking" them and routing them safely through their own servers, and that on 9th July the f-b-1 where going to switch off the "rescue" which would leave any infected PC without a working internet connection

 

[RefixnarcisM]

Aah I see. So I guess this is just an old tactic by some people to hijacking our account. There are plenty tactic similar like that wright? Using another but kinda same virus too hidden in the mail spam like that. So why does make this one like some big thing? Well maybe for some people see it as a big thing.

 

[slimjim]

So why does make this one like some big thing? Well maybe for some people see it as a big thing.

I guess it's because of the number of PCs affected, one report I read was talking of maybe 350,000 worldwide

 

[RefixnarcisM]

I guess you're right. Been looking for an information about the worst case of virus computer. In 2003 there's a SQL Slammer case. Almost 200.000 computer system damage, the loss it self hit almost like the Red Code cases which is $635 billion. So this one might expense more than that case in 2003. Such a huge amount of money, I can buy plenty hot boys out there rofl.
So this is really end right? I mean the virus. It doesn't exist anymore?

 

[gb2000ie]

@gb2000ie : So it was like this virus linking us to the false web site or like some warning page that there's a problem in the Internet connection? Then make our Internet connection broken forever? And with the virus, people who make this virus could use our bank account passwords or username, even use it to order an item or stuff in the online store then charge it to our account?

If you want a good analogy, controlling the DNS server a victim uses is like taking over their telephone exchange. They think they are going to their bank or their gmail or what ever, but you have re-wired things so they actually go to your phone where you can then pretend to be their bank and ask them for their details. They will have dialled the right number (i.e. entered the right web address), but ended up taking to the wrong person.

All this virus did was check every few seconds that the DNS settings on the computer were pointing to the evil DNS server they controlled, and not the legitimate DNS server provided by the victim's ISP. If the victim spotted that the settings were wrong and changed them, the virus would change them back a few seconds later.

What the attackers could do once they have the victim's machine configured to use their evil DNS servers is bounded only by their imagination. By pretending to be your bank they could get the details they need to steal your money. By pretending to be you in GMail they could con your relatives out of money by sending an email on your behalf with some sort of sob story. By watching where all you try to browse to they could blackmail you. By intercepting all your web surfing they could insert viruses into any page you visit, allowing them to completely take over your computer. By changing the ads in the web pages you see, they could make a fortune from ad view commissions. The damage they could do is really endless.

SOME of the dangers could be avoided by people being careful to always go to the secure version of any web page that looks for a username and password. If you are the kind of person who ALWAYS checks for the padlock icon and ALWAYS says no when they get a certificate error, then they won't get your user names and passwords. But, even then, they will be able to blackmail you possibly, and they will definitely still be able to insert other viruses into the web pages you visit, and to alter the content on those pages.

The one up-side to this kind of attack is that as soon as the malicious DNS server is secured by authorities, the danger is neutralised. Then, it's 'just' a matter of getting all the infected computers disinfected, allowing correct DNS settings to be restored.

I hope that helps, and that I'm not just confusing you more?

B.

 

[RefixnarcisM]

Thank you, I get the point why is it a dangerous virus. One question, what is 'padlock icon' ? How big the possibilities that web site who used a username and passwords system is safer than other site? What if the person who also as a member of the same site as we are, injecting viruses in the site. That means that no more 'safe' again by using a username and passwords system right?

 

[gb2000ie]

Thank you, I get the point why is it a dangerous virus. One question, what is 'padlock icon' ? How big the possibilities that web site who used a username and passwords system is safer than other site? What if the person who also as a member of the same site as we are, injecting viruses in the site. That means that no more 'safe' again by using a username and passwords system right?

"normal" web pages have URLs that start with http://. When ever you see http://, you know that everything you send to the site, and everything the site sends back to you is un-encryprted, so it can be seen, and interferred with en-route. For normal browsing this really isn't a big deal, and the vast majority of the internet users http.

"secure" web pages have URLs that start with https:// - the s standing for secure. HTTPS traffic is encrypted, so it can't be seen or interfered with as it whooshes through the internet. Most browsers will go out of their way to show you that a site is secure by making the address bar blue or green, and most also show a padlock icon either in the URL bar, or in the title bar of the window or tab. Really, what matters is that you see https://, the padlock is just what most browsers use to emphasise that you are using https.

Now - you might ask, why does the whole internet not use HTTPS if it is so much safer? The answer is simple - cost! To use HTTPS you need a certificate for your site. You need to get that certificate issued by a certificate authority, who will then verify that you are who you say you are, and then issue you a cert for up to 3 years. It's this cert that stops others impersonating your site, even if they control a victim's DNS server. Their browser will be redirected to the bad guy's server, but they won't be able to provide a valid certificate, so the browser will pop up an error message warning you to run away!

So, getting a cert takes time and effort, and they cost money. They have to be renewed every few years, costing more time and money. There are also other hidden costs because multiple https websites can't share the same IP address (easily), while multiple http servers can, so you need more expensive hosting. Then, you have the fact that encrypting and decrypting all the web traffic takes CPU time on your server, so you need a bigger server to deliver the same number of pages over https compared to doing it over http. In short, https takes time, effort, and money, so not all sites do it.

All banks should to it. All email providers shoudl do it. All social networks should do it, but after that, it's hit and miss. GH for example does not support https, so never use the same password for GH that you use in other places, because that password is floating around the internet in unencrypted form.

Hope that answers your question?

B.