Computers Infected By 'DNS Changer' Trojan Malware Will Lose Internet Access Monday

  • Thread starter: Adam
We can only hope that those stupid enough to get or rather allow their
computer to remain infected after all the notifications are down for at
least a week.

With luck those that remain online will have sense enough to ignore the
phone calls asking for help from those stupid twits... ;)

Where's the damn 'like' button here... :)
 
GlowingBlueMist said:
We can only hope that those stupid enough to get or rather allow their
computer to remain infected after all the notifications are down for at
least a week.

With luck those that remain online will have sense enough to ignore the
phone calls asking for help from those stupid twits... ;)


Oh, that's harsh! There's such thing as internet withdrawal, ya know.
:-)
 
David H. said:
LOL - No. It's irrelevant to the DNS Protocol and what servers you use.
Yes, but if this "DNS Changer" Trojan (is it a trojan?) triggers on
Monday, then it must find out from somewhere that it _is_ Monday.
Presumably it uses an online timeserver, but this is only a presumption:
the question is valid!
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf

I believe the cake has got to be sliced up to help those who are needy and
you've got to keep someone there who's going to make the cake. Here we always
destroy the people who make the cake. - Michael Caine (MM), RT, 7-13 Nov 2009.
 
J. P. Gilliver (John) said:
Yes, but if this "DNS Changer" Trojan (is it a trojan?) triggers on
Monday, then it must find out from somewhere that it _is_ Monday.
Presumably it uses an online timeserver, but this is only a presumption:
the question is valid!

No, on Monday morning the FBI technician is going to lean over and pull
the power plug from the wall outlet. No timeserver is needed.

If he calls in sick on Monday, your computer may last for another day.
 
What if you turn your clock or calendar back? Does that buy you more time?

Read Sam Hill's reply in the subthread. It is both correct and clever.

The DNS redirection is occurring at a server which belongs to the FBI,
and which the FBI is about to repurpose.

Once that happens, any flawed computers will no longer get redirected to
that server, and their misdirected addresses won't be fixed any more.

This is happening out in the cloud, not in your computer.
 
[snnnip]

And, of course, what happens if the folk are using a VOIP
system that hooks up through their computer? Does this
mean they can't call for help to get their phone working?
 
David H. said:
No. There is no "trigger date". The DNSChanger trojan changes the
DNS Table of computers and SOHO Routers. That change was in effect
subsequent to a reboot upon infection.

The ONLY concept about Monday is that the DNS Servers tied to the
IP addresses of were the malicious DNS Servers will be taken down.

I don't understand the above "sentence" (-:.
 
J. P. Gilliver (John) said:
I don't understand the above "sentence" (-:.
The trojan works by redirecting DNS requests by infected computers and
routers to a server which is currently controlled by the FBI, having
been removed from the control of the bad guys some months ago. This
server directed certain address requests to malware or advertising
sites, effectively hiding the correct websites from the user.

This nameserver will be disconnected from the internet on Monday 9th
July. As a result, all computers and routers that are using it as their
default or only nameserver will be unable to look up the IP addresses
for websites.

If you have sites which you access by typing in the IP address directly,
you won't be affected. If you have made sure that you use your ISP's
nameserver, you won't be affected. If you are deliberately using
something like 8.8.8.8 or one of the other public nameservers, you won't
be affected.

If your security programs are up to date, you won't be affected, as this
exploit has been fixed by all of them a long time ago.
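
The check implied by the explanation above, as an added example that is not part of the original post: read the configured nameservers and report whether the default or only ones fall inside the rogue ranges. The function names, the resolv.conf-style input and the sample files are assumptions, and the ranges are placeholders, not the real rogue addresses.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation blocks), constructed for this
# example; replace with the rogue-resolver ranges from an official advisory.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

def parse_nameservers(text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        # Drop comments, then split "nameserver <addr>" into fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # skip malformed entries
    return servers

def assess(text):
    """Classify a resolver configuration and list the rogue entries found."""
    servers = parse_nameservers(text)
    rogue = [str(s) for s in servers if any(s in net for net in ROGUE_RANGES)]
    if not servers:
        verdict = "no-nameservers"
    elif len(rogue) == len(servers):
        verdict = "all-rogue"      # every lookup fails once the servers go offline
    elif rogue:
        verdict = "partly-rogue"   # still resolves via the others, but was altered
    else:
        verdict = "clean"
    return verdict, rogue

# Constructed sample configurations (not taken from any real machine).
INFECTED = "nameserver 192.0.2.53\nnameserver 198.51.100.7\n"
MIXED = "nameserver 192.0.2.53\nnameserver 8.8.8.8\n"
CLEAN = "# set by DHCP\nnameserver 8.8.8.8\n"

if __name__ == "__main__":
    for name, conf in (("infected", INFECTED), ("mixed", MIXED), ("clean", CLEAN)):
        print(name, assess(conf))
```

A router's DNS setting is held on the router itself, so it has to be read from the router's admin page and checked against the same ranges.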

 
John Williamson said:
The trojan works by redirecting DNS requests by infected computers and
routers to a server which is currently controlled by the FBI, having
been removed from the control of the bad guys some months ago. This

Thanks - a most clear explanation.
server directed certain address requests to malware or advertising
sites, effectively hiding the correct websites from the user.

This nameserver will be disconnected from the internet on Monday 9th
July. As a result, all computers and routers that are using it as their
default or only nameserver will be unable to look up the IP addresses
for websites.

Kind of the FBI to help out for as long as they did!
If you have sites which you access by typing in the IP address
directly, you won't be affected. If you have made sure that you use
your ISP's nameserver, you won't be affected. If you are deliberately
using something like 8.8.8.8 or one of the other public nameservers,
you won't be affected.

If your security programs are up to date, you won't be affected, as
this exploit has been fixed by all of them a long time ago.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf

The sun, with all those planets revolving around it and dependent upon it, can
still ripen a bunch of grapes as if it had nothing else in the universe to do.
-Galileo Galilei, physicist and astronomer (1564-1642)
 
Ken Blake said:
I'll add my vote for TeamViewer to yours.
And mine. I've used it (from this XP netbook) to sort out friends on XP,
Vista, and 7. (The XP and 7 users are blind, to boot.)
 
J. P. Gilliver (John) said:
Thanks - a most clear explanation.


Kind of the FBI to help out for as long as they did!
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf

The sun, with all those planets revolving around it and dependent upon it, can
still ripen a bunch of grapes as if it had nothing else in the universe to do.
-Galileo Galilei, physicist and astronomer (1564-1642)


Also, for those with a router, it's safer to "not" use the factory password
provided by the manufacturer. Change the password to something more secure to
prevent malware from breaking into your router/network.

Routers probably should ship with a more unique password instead of
one factory password for all routers of the same make/model.

That's one way the malware was breaking in and changing the DNS settings.
 
Big Steel said:
Monday will come and pass. It's just another doomsday that will not amount
to much.

Kinda like the Y2K scare; my boss made me come back early from vacation for
that one. But that was all right- I got triple time for eight hours, plus
two extra vacation days for that one :-)
 