Sunday, 8 July 2012

Protect Yourself From DNSChanger

If the DNSChanger rootkit has infected your PC, you'll lose access to the Internet when the FBI shuts down DNSChanger's surrogate DNS servers. Here's how to determine whether you're infected, and what to do if you are.

How to Deal With DNSChangerIn July the Internet Systems Consortium will permanently shut down DNS servers deployed to serve as temporary surrogates for rogue DNS servers shut down as part of Operation Ghost Click, an FBI operation that brought down an Estonian hacker ring last year. If your PC is one of the more than 1 million computers infected that carry DNSChanger you might unknowingly be relying on one of the FBI's temporary servers to access the Internet, and if you don't eliminate DNSChanger from your PC before the FBI pulls the plug on its servers, you'll be left without Internet access. Read on to learn how to discover whether you're infected with DNSChanger, and what you can do to eliminate it from your system.

How to Tell Whether DNSChanger Has Infected Your PC

 DNSChanger Check-Up screen; click for full-size image.The DNSChanger Check-Up websites will automatically check which DNS servers you're using; it will let you know that your PC is clean by flashing a green background.To figure out whether you've been infected with DNSChanger, just point your Web browser to one of the (admittedly amateur-looking)DNSChanger Check-Up websites that Internet security organizations maintain across the globe. The link above will take you to a DNS Changer Check-Up page in the United States that the DNS Changer Working Group maintains; if you live outside the United States, you can consult the FBI's list of DNSChanger Check-Up websites to find an appropriate service for your region.
Unfortunately, if your router is infected, those websites will think that your PC is infected, even though it may be clean; worse, if your ISP redirects DNS traffic, your PC may appear to be clean even though your DNS settings may have been maliciously altered. If you want to be certain that your PC is free of DNSChanger malware, you need to manually look up the IP addresses of the DNS servers that your PC contacts to resolve domain names when browsing the Web.
To look up which DNS servers your Windows 7 PC is using, open your Start menu and either run the Command Prompt application or type cmd in the Search field. Once you have a command prompt open, type ipconfig /allcompartments /all at the command line and press Enter. A big block of text should appear; scroll through it until you see a line that says 'DNS Servers', and copy down the string(s) of numbers that follow (there may be more than one string here, meaning that your PC accesses more than one DNS server).
Use the /ipconfig command; click for full-size image.Use the /ipconfig command to look up the IP addresses of the DNS server(s) that your PC is using.
It's even easier for Mac OS X users to determine the IP addresses of the DNS servers that their PC uses. Open the Apple menu (usually located in the upper-left corner of the screen) and selectSystem Preferences. Next, click the Network icon to open your Network Settings menu; navigate to Advanced Settings, and copy down the string(s) of numbers listed in the DNS Server box.
The Advanced Network Settings menu's DNS tab; clcik for full-size image.Mac users can find their DNS server IP address(es) under the DNS tab of the Advanced Network Settings menu.
Once you know the IP addresses of the DNS servers that your PC is using, head over to the FBI DNSChanger website and enter those addresses into the search box. Press the big blue Check Your DNS button, and the FBI's software will tell you whether your PC is using rogue DNS servers to access the Internet.

What to Do If Your PC Is Infected by DNSChanger

If your PC is infected with DNSChanger, you'll have to do some intensive work to get rid of it. DNSChanger is a powerful rootkit that does more than just alter DNS settings; if you've been infected with DNSChanger, the safest course is to back up your important data, reformat your hard drive(s), and reinstall your operating system. For more information, consult our guide to reinstalling Windows.
If you're leery of reformatting your entire PC, you can try rooting out the DNSChanger rootkit with a free malware removal utility such as Kaspersky Labs' TDSSKiller. As the name implies, Kaspersky released the program to help PC owners seek and destroy the TDSS rootkit malware, but it also detects and attempts to eliminate DNSChanger and many other forms of rootkits. The DNSChanger Working Group website maintains a large list of links to malware clean-up guides and utility software you can use to try and eradicate DNSChanger from your PC.
If the infected PC is on a network, you'll have to check every other PC on the network for signs of infection, and then check your router's settings to ensure that it isn't affected (DNSChanger is programmed to change router DNS settings automatically, using the default usernames and passwords of most modern routers). To do this, copy down your router's DNS server IP addresses (located in your router's settings menu; read "How to Set Up a Wireless Router" for more information) and check them against the FBI's IP address database mentioned above. If your router is infected, reset the router and confirm that all network settings are restored to the manufacturer's defaults.
When you're done, repeat the steps outlined above to verify that your PC is no longer infected with DNSChanger. With all traces of this vicious malware eliminated, you should have nothing to fear when the FBI shuts down the ISC's temporary DNS servers in July.




From checking the news and weather to socializing with friends and reading emails, new research shows tablets have quickly become a big part of the world's daily routine.
The study by Gartner revealed the top five activities migrating from personal computers to media tablets are checking email, reading the news, checking the weather forecast, social networking and gaming.
“The rapid adoption of media tablets is substantively changing how consumers access, create and share content,” said Carolina Milanesi, research vice president at Gartner.
The research also shows that a shift from paper to screen-based consumption is under way.
The survey found that more than 50 percent of tablet owners prefer to read news, magazines and books on a screen rather than on paper.
"We do not believe that the 'paperless home' will prevail, but it is clear that the 'less-paper model' is the new reality," said Meike Escherich, a principal research analyst at Gartner.
The study found that tablets play a more dominant role in the home than mobile phones or PCs, with the highest usage in the living room, bedroom and kitchen.
"Weekday evenings are the most popular time to use media tablets, and this usage flattens out during the weekend as people tend to be away from home," Milanesi said.
Most purchase a tablet over a PC for its convenience, small size and light weight, the study shows.
The research also found that 45 percent of respondents don’t share their tablet, confirming that a media tablet is almost as personal as a mobile phone when it comes to usage and consumer attitude.
While tablets might be used more in the home, mobile phones are used most throughout the day. According to the survey, the average owner uses their mobile phone an average of eight times a day for tasks requiring connectivity, compared to just twice a day for tablets and three times a day for laptop computers.
"The mobile phone is the most personal device in the hands of users, and it enables more private activities," said Annette Zimmermann, a principal research analyst at Gartner.
Males and females showed similar attitudes toward the use of mobile devices; however, men seem to prefer gathering information with their mobile devices, while women use them more for personalized entertainment activities like gaming and socializing via Facebook or Twitter, the research showed.
The study was based on surveys of more than 500 consumers in the United States, United Kingdom and Australia who own at least one tablet and two other connected devices.

DNSChanger check
It sounds like one of those annoying chain emails that show up from technically challenged acquaintances: "The FBI Will Take Your Computer Offline July 9 If It Has A Virus! Visit This Site Immediately To Check!! Forward This To Everyone You Know!!!"
But the Federal Bureau of Investigation really has posted a warning on its site about the risk of "DNSChanger" malware, which really will result in your computer getting disconnected from the Web on July 9 if you don't clean it up. You won't be able to go online, and you'll need to contact your service service provider for help getting the malware deleted before you can reconnect to the Internet.
The Infection Check
To see you're infected, you just need to be able to read one line of text or know the difference between green and red. Visit www.dns-ok.us; if you see a green background to the image on that page and the words "DNS Resolution = GREEN," you're safe. (Your Internet provider may also offer a similar service. Comcast subscribers, for example, can check their computers at amibotted.comcast.net.)
If you see otherwise, you have a few more days to fix the problem. Since DNSChanger can disable security programs, you may not be able to do this the easy way, by clicking a "scan" button in your anti-virus app. You can try specialized DNSChanger-removal tools from such firms as SecureMac, or run general-purpose anti-rootkit software like MalwareBytes' Anti-Malware or Kaspersky Labs' TDSSKiller.
The DNS Changer Working Group, created by Internet-security experts to help clean up the problem, has also set up a page with links to manual malware-cleanup instructions from Microsoft and others. In a worst-case scenario, you may need to reinstall your computer's operating system and software from scratch, using either the disks that came with the computer or the recovery partition on its hard drive. 
But that still beats having a computer that can only navigate the Internet by numbers.
So if you have friends or family members online who might not know to check for this problem, please forward this post to them. But hold the exclamation points.
The story began last November when the bureau announced it had busted a 4-year-old Estonia-based conspiracy. The suspects had infected about 4 million computers -- some 500,000 in the United States -- with malware called DNSChanger (also referred to as Alureon) that diverted victims to scam sites.
This "rootkit" malware was usually delivered as a fake download for Windows or Mac OS X that then silently altered the Domain Name System settings on computers and even some wireless routers. That's about the most serious compromise an Internet-connected machine can suffer; when DNS stops correctly translating domain names like discovery.com to machine-readable Internet Protocol addresses like 63.240.215.85, you no longer know what sites you're dealing with.
But once an infected machine has been cuffed to DNSChanger's rogue servers, shutting it off would effectively unplug it from the Internet. To give unaware victims time to clean up their systems, the FBI secured a court order requiring the Internet Systems Consortium, a nonprofit Net-architecture firm, to take over and sanitize those servers.
But all bad things must end; after one stay of execution, ISC is now set to turn off the DNSChanger servers on July 9. At that point, any infected machine will only be able to connect to numerical IP addresses, essentially, a rotary-dial version of the Internet.
Credit: Rob Pegoraro/Discovery


Internet shutdown July 9: dnschanger malware check up on FBI.


Internet shutdown July 9 is very close to us and people are apprehensive. But dnschanger malware check up can be done on FBI website and several other websites
If you are using Microsoft Windows personal computer, you must be on guard today and tomorrow as you may be a target of malware attack. The whole world seems to be on guard right now and everyone is trying to ascertain if he or ship is a prized target.
But the good thing is the fact that you can check whether you are an intended target or not. There are some websites that you can access and check whether your computer is infected or not. Based on your IP address the website can clearly tell you if you are a target.
There are several website that can automatically detect your IP, but in the case of FBI website that is the most reliable website to detect and advise on the issue, you will have to inset your IP address when you are asked to do. Other websites including Mcafee and dns.ok.u automatically detect your IP addresses and advise you accordingly.
The hackers who are targeting unsuspected internet users want to generate profit (illegally) through automatic impressions and clicks for their online ads. A report while detailing their modus operandi says, “DNS translates domain names like google.com and facebook.com (which are meaningful to humans) into IP addresses (which are meaningful to computers) for the purpose of locating devices on a private network or the Internet as a whole. The theoretical plan is to overload the Internet’s root nameservers, impacting the operation of the entire global DNS, which would affect all Internet services that use it, rather than just specific websites. The World Wide Web as we know it would still be there, but you would only be able to access websites if you know their IP address.”
It is not a rocket science, but a fairly simple process that hackers use it to further their nefarious designs. DNSChanger is a Trojan horse that can be distributed in many forms. When this Trojan or malware is installed on a system it actively changes the infected system’s DNS settings to rogue servers that redirect legitimate searches and URLs to malicious Web sites that attempt to steal personal information and generate illegitimate ad revenue for the scammers. Last year it made headlines across the world and this year too the same is happening.
To be true, The DNSChanger malware first came into general notice some five years ago in the year 2007. Reports suggest that till last year at least half million systems in the US were infected by this malware, while millions of systems across the world got infected. The hackers were able to make hundreds of thousands of dollars by directing unsuspected users to click on their ads. A report suggests that they were able to make around $14 million.
Check your PC whether it is infected with the dnschanger malware

Saturday, 7 July 2012