OT FBI to shut down internet access for some on july 9th

fordjx4000
Posts: 202
Joined: Sun Jan 01, 2012 1:25 am
Location: Greenwood Indiana

OT FBI to shut down internet access for some on july 9th

Post by fordjx4000 » Tue Apr 24, 2012 8:34 pm

Hey, I heard this on the news. I wanted to warn everyone here: on July 9th, 2012, the FBI will shut down internet for people whose computer is infected with a virus known as DNS Changer. The FBI has provided a website for people to check to see if their computer is infected with this virus.
The website is http://www.dns-ok.us/
Kind regards, chantilly

chunkyfrog
Posts: 34451
Joined: Mon Jul 12, 2010 5:10 pm
Location: Nebraska--I am sworn to keep the secret of this paradise.

Re: OT FBI to shut down internet access for some on july 9th

Post by chunkyfrog » Tue Apr 24, 2012 9:21 pm

Hey, sheriff, is this legit?

_________________
Mask: AirFit™ P10 For Her Nasal Pillow CPAP Mask with Headgear
Additional Comments: Airsense 10 Autoset for Her

idamtnboy
Posts: 2186
Joined: Mon Nov 01, 2010 2:12 pm
Location: Idaho

Re: OT FBI to shut down internet access for some on july 9th

Post by idamtnboy » Tue Apr 24, 2012 10:13 pm

chunkyfrog wrote:Hey, sheriff, is this legit?
It's discussed in this topic.

viewtopic/t77057/VERY-IMPORTANTINFECTED-COMPUTERS.html

_________________
Mask: AirFit™ P10 Nasal Pillow CPAP Mask with Headgear
Humidifier: S9™ Series H5i™ Heated Humidifier with Climate Control
Additional Comments: Hose management - rubber band tied to casement window crank handle! Hey, it works! S/W is 3.13, not 3.7

nanwilson
Posts: 3464
Joined: Tue Apr 13, 2010 10:35 am
Location: Southern Alberta

Re: OT FBI to shut down internet access for some on july 9th

Post by nanwilson » Wed Apr 25, 2012 8:35 am

Do you actually believe the FBI have a way to detect whose computer is infected and to shut it down? This is the internet; do you believe everything you read? It's just like that guy who warned that the "end" was coming and a bunch of believers went out and spent every last $$$$$ they had. Not believable.
Started cpap in 2010.. still at it with great results.

chunkyfrog
Posts: 34451
Joined: Mon Jul 12, 2010 5:10 pm
Location: Nebraska--I am sworn to keep the secret of this paradise.

Re: OT FBI to shut down internet access for some on july 9th

Post by chunkyfrog » Wed Apr 25, 2012 9:10 am

Y2K, too.
Of course, they can see a heckuva lot more on satellite images than most folks believe.
(or am I allowed to say that?)
The TV show, "Person of Interest" is likely to fuel more paranoia.

torontoCPAPguy
Posts: 1015
Joined: Mon Dec 28, 2009 11:27 am
Location: Toronto Ontario/Buffalo NY

Re: OT FBI to shut down internet access for some on july 9th

Post by torontoCPAPguy » Wed Apr 25, 2012 9:28 am

WARNING - WARNING - WARNING

The checkout routine may be the virus payload here. DO NOT DOWNLOAD IT under any circumstances!!

If you have a virus scanner installed like Norton or AVG Pro - go to their website to find out the latest antivirus news. NEVER EVER depend on an email or such for virus information. NEVER NEVER download anything from a source that is not trusted and understand that website names can be spoofed so you really don't know what you are dealing with at all.

I'm NOT saying this is a spoof at all. What I am saying as IT Administrator for a very large telecommunications provider is that YOU need to be proactive with regards to malware. I would also check out the Malwarebytes website. If you are totally insane about this, make sure your antivirus is up to date and run a full system scan including a rootscan.

Virus warnings are often, in and of themselves, the payload (please pass this along to everyone in the world... it is urgent, etc). Most forums ban the posting of virus warnings for this reason. There is a new virus every day.

The giveaway on this one is simply that it is the FBI first of all (they do NOT get involved in virus/malware stuff), that they are going to shut the internet down for a group of people whom they cannot identify if they are not online especially, and just the fact that they are going to shut down 'the internet'. Carriers like Bell DO INDEED watch their customers to see if they are propagating malware, spam or viruses and can and will shut them down until a good antivirus is installed and run, etc. On a larger scale it is unlikely to happen because the virus will just propagate itself again the moment things are 'turned back on'.

The reference that should be posted if one insists on posting about a virus scare is the reference to a reputable site (i.e. Norton) discussing said virus.

Keep your updates up to date! Your software should take care of the rest.

Murray

_________________
Mask: Mirage Quattro™ Full Face CPAP Mask with Headgear
Humidifier: S9™ Series H5i™ Heated Humidifier with Climate Control
Additional Comments: Respironics Everflo Q infusing O2 into APAP line to maintain 95% SaO2; MaxTec Maxflo2 Oxygen Analyzer; Contec CMS50E Recording Pulse Oxymeter
Fall colours. One of God's gifts. Life is fragile and short, savour every moment no matter what your problems may be. These stunning fall colours from my first outing after surviving a month on life support due to H1N1.

BigTex
Posts: 58
Joined: Tue Feb 21, 2012 12:17 am
Location: Houston, TX

Re: OT FBI to shut down internet access for some on july 9th

Post by BigTex » Wed Apr 25, 2012 9:43 am

FBI is NOT shutting down internet connections in this case.

The virus that infected computers changed the DNS server lookups.
The DNS servers are how you find an IP address from a domain name.
Kind of like looking up someone's phone number in the phone book.

FBI basically took over the IP addresses that the virus used to send people to fake websites and replaced the DNS servers with legit ones.
FBI will shut down those servers and computers that are still using them will not be able to find websites, email servers, etc.

The owners of the infected computers need to fix their DNS problem and it's pretty simple.
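
Added example, not part of any post in this thread: a Python check for the situation described above, reading the DNS servers a machine is configured to use and flagging any that fall inside a list of rogue ranges. The ranges and sample inputs are placeholders constructed for illustration (the thread lists none), the function names are hypothetical, and only IPv4 resolvers are handled.

```python
import ipaddress
import re

# PLACEHOLDER rogue ranges (RFC 5737 documentation space), constructed for
# this example. Replace them with the ranges published by the DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed samples of the two places a desktop's resolvers are listed.
SAMPLE_RESOLV_CONF = """\
search example.net
nameserver 192.0.2.53   # falls inside a placeholder rogue range
nameserver 203.0.113.10
"""
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       203.0.113.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def resolvers_from_resolv_conf(text):
    """Return nameserver addresses from resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def resolvers_from_ipconfig(text):
    """Return DNS servers from `ipconfig /all` output.

    The first server shares a line with the "DNS Servers" label; further
    servers follow on indented lines that carry no label of their own.
    """
    found, in_dns = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            in_dns = True
            found += IPV4.findall(line)
        elif in_dns and line.strip() and ":" not in line:
            found += IPV4.findall(line)
        else:
            in_dns = False
    return found


def classify(addresses):
    """Map each resolver address to 'rogue', 'ok' or 'invalid'."""
    verdicts = {}
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            verdicts[addr] = "invalid"
            continue
        hit = any(ip.version == net.version and ip in net
                  for net in ROGUE_RANGES)
        verdicts[addr] = "rogue" if hit else "ok"
    return verdicts


if __name__ == "__main__":
    for label, addrs in (("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
                         ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG))):
        print(label, classify(addrs))
```

A resolver reported as rogue means the machine is still pointed at one of the listed ranges and will stop resolving names once those servers are switched off.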

idamtnboy
Posts: 2186
Joined: Mon Nov 01, 2010 2:12 pm
Location: Idaho

Re: OT FBI to shut down internet access for some on july 9th

Post by idamtnboy » Wed Apr 25, 2012 9:46 am

nanwilson wrote: Do you actually believe the FBI have a way to detect whose computer is infected and to shut it down? This is the internet; do you believe everything you read? It's just like that guy who warned that the "end" was coming and a bunch of believers went out and spent every last $$$$$ they had. Not believable.
It's not a case of FBI seeing whose computer is infected. In fact they don't know.

When you enter a URL into your web browser your computer uses a file to know where to go to have that address changed to an IP (internet protocol) number. It's called a Domain Name Server, or DNS. In other words your computer goes to a server and asks, "OK, where do I go from here to get there?" For example, your computer's DNS file sends you to a DNS server that changes the "cpaptalk.com" you type in the URL box into 67.23.36.234, the IP address of this web site. To see this, type http://67.23.36.234 into your browser. You'll see this site come up. Your computer does not come here in one step. In infected computers the DNS file was changed by malware so the user's computer would be directed to a rogue domain name server.

A legitimate DNS sends the user to the correct web site. The rogue server the FBI captured, and replaced, was sending users to fake web sites that were made to look legitimate. The fake web sites then stole passwords and user IDs. If the FBI had just yanked out the rogue DNS thousands of users would have lost internet connection because their infected computer would send them to a computer that did not exist any longer. To prevent this the FBI set up a domain name server that took users whose infected computers were sending them to the fake server, and forwarded them to legitimate web sites. The infected users never knew the difference. The FBI did this in a manner to avoid looking like they were interfering with Americans' use of the Internet. But it's costing the FBI $10,000 a month to maintain the temporary DN servers so they decided it's time to cut off this temporary support for infected computers.

It is the temporary replacement domain name server that the FBI is removing. Anyone whose computer is still infected will now try to go to a DNS that does not exist, and that is where their surfing stops.

This is a part of the internet surfing experience very, very, few users are acquainted with. They don't need to be. Their computer just works.

idamtnboy
Posts: 2186
Joined: Mon Nov 01, 2010 2:12 pm
Location: Idaho

Re: OT FBI to shut down internet access for some on july 9th

Post by idamtnboy » Wed Apr 25, 2012 9:55 am

This is NOT about a malware scare. It's about what will happen to thousands, and thousands only, because of actions taken by the FBI in response to malware criminal activities of several months ago.
torontoCPAPguy wrote: The giveaway on this one is simply that it is the FBI first of all (they do NOT get involved in virus/malware stuff), that they are going to shut the internet down for a group of people whom they cannot identify if they are not online especially, and just the fact that they are going to shut down 'the internet'.
Did you read the articles about this? If so, I really don't think you would have written the above. I suggest you go here http://www.dcwg.org/ where you'll see this:
What is the DNS Changer Malware?

On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital”, and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses. You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release.
The internet security companies have addressed it. Here is just one such link. http://www.symantec.com/security_respon ... asid=23935

torontoCPAPguy
Posts: 1015
Joined: Mon Dec 28, 2009 11:27 am
Location: Toronto Ontario/Buffalo NY

Re: OT FBI to shut down internet access for some on july 9th

Post by torontoCPAPguy » Wed Apr 25, 2012 9:32 pm

BigTex wrote:FBI is NOT shutting down internet connections in this case.

The virus that infected computers changed the DNS server lookups.
The DNS servers are how you find an IP address from a domain name.
Kind of like looking up someone's phone number in the phone book.

FBI basically took over the IP addresses that the virus used to send people to fake websites and replaced the DNS servers with legit ones.
FBI will shut down those servers and computers that are still using them will not be able to find websites, email servers, etc.

The owners of the infected computers need to fix their DNS problem and it's pretty simple.
And there you go. There is a perfectly logical and plausible explanation for this piece of malware. Again, if you are running realtime malware and antivirus your software should pick it up on the spot. Making a change to the DNS settings on your workstation or server is a biggie and any AM/AV software would pick it up bigtime I think.

Murray

torontoCPAPguy
Posts: 1015
Joined: Mon Dec 28, 2009 11:27 am
Location: Toronto Ontario/Buffalo NY

Re: OT FBI to shut down internet access for some on july 9th

Post by torontoCPAPguy » Wed Apr 25, 2012 9:44 pm

idamtnboy wrote: This is NOT about a malware scare. It's about what will happen to thousands, and thousands only, because of actions taken by the FBI in response to malware criminal activities of several months ago.
torontoCPAPguy wrote: The giveaway on this one is simply that it is the FBI first of all (they do NOT get involved in virus/malware stuff), that they are going to shut the internet down for a group of people whom they cannot identify if they are not online especially, and just the fact that they are going to shut down 'the internet'.
Did you read the articles about this? If so, I really don't think you would have written the above. I suggest you go here http://www.dcwg.org/ where you'll see this:
What is the DNS Changer Malware?

On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital”, and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses. You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release.
The internet security companies have addressed it. Here is just one such link. http://www.symantec.com/security_respon ... asid=23935
Again, and I repeat for effect, this is indeed the press building a small story into a mountain. Any antivirus/antimalware software worth its salt would pick up something trying to change its DNS settings or registry in a blink in realtime. I did not read the articles as I did not have to.. I have been at this so many years that it is obvious, smack me in the face, pour cold water over my head... obvious. And really, antimalware software WILL pick up this kind of nefarious activity on the spot and ask you if it is honest and should it proceed with the changes (Answer = no obviously). Every once in a while the press picks up on what is otherwise an everyday occurrence and runs with it, sensationalizing it. It is a shame as it makes folks think that they don't need antivirus/antimalware software and that Uncle Sam is going to take care of their problems. NOT SO! Take heed that if you are not proactive with this stuff you are going to get bitten.

Nuff said.

Run a good suite of software and sleep soundly. It is unlikely you will get infected although you will get hit hundreds or thousands of times a day in the case of large email servers.. we do. THOUSANDS of times daily. Our software takes care of things for us. Else you can invest in something like a Barracuda box to stick on your email servers or in front of your workstation and subscribe to their service and let them take care of things for you. Either way, if you are running good stuff to prevent this, there is NO WAY that this malware is going to infect you unless you let it. Like answering yes to "Do you want this free game downloaded to your system?".

Really. 30 years. Big system. One infection as the result of a fluke hit. Fixed by running a scan and fixing the registry. Finished.

We are now looking at the Barracuda box, etc.

idamtnboy
Posts: 2186
Joined: Mon Nov 01, 2010 2:12 pm
Location: Idaho

Re: OT FBI to shut down internet access for some on july 9th

Post by idamtnboy » Wed Apr 25, 2012 10:49 pm

torontoCPAPguy wrote: Again, and I repeat for effect, this is indeed the press building a small story into a mountain. Any antivirus/antimalware software worth its salt would pick up something trying to change its DNS settings or registry in a blink in realtime. I did not read the articles as I did not have to.. I have been at this so many years that it is obvious, smack me in the face, pour cold water over my head... obvious. And really, antimalware software WILL pick up this kind of nefarious activity on the spot and ask you if it is honest and should it proceed with the changes (Answer = no obviously). Every once in a while the press picks up on what is otherwise an everyday occurrence and runs with it, sensationalizing it. It is a shame as it makes folks think that they don't need antivirus/antimalware software and that Uncle Sam is going to take care of their problems. NOT SO! Take heed that if you are not proactive with this stuff you are going to get bitten.

Nuff said.

Run a good suite of software and sleep soundly. It is unlikely you will get infected although you will get hit hundreds or thousands of times a day in the case of large email servers.. we do. THOUSANDS of times daily. Our software takes care of things for us. Else you can invest in something like a Barracuda box to stick on your email servers or in front of your workstation and subscribe to their service and let them take care of things for you. Either way, if you are running good stuff to prevent this, there is NO WAY that this malware is going to infect you unless you let it. Like answering yes to "Do you want this free game downloaded to your system?".
I agree 100% with everything you say above. But you have missed the point of the whole discussion. There is no threat. There is no unknown super bad malware on the loose being warned about. Neither the original poster nor I have in any way said there is. But, back in November and earlier there was, and hundreds of thousands of computers, most nearly all home PCs, were infected with a DNS changer malware. The FBI, NASA-OIG, and Estonian police caught the criminals. But what to do with all those PCs in the world that were being directed through a rogue server and then onto the Internet? Let them all of a sudden lose their Internet connectivity? The FBI decided no, they would set up temporary domain name servers to replace the rogue servers and thus permit the affected PCs to continue to connect to the Internet. Now they are planning on shutting down those servers. Any PC that was modified by the malware, and has not subsequently been cleaned and corrected, will lose its Internet connectivity.

The message is clear and simple. If your PC was infected last year, and was modified to go to the criminals' server instead of the ISP's, or whoever's, legitimate server for domain name translation, and has not been fixed, it will lose connectivity. That is all there is to this whole thing. Thousands, but not millions, of PC users around the world are going to wake up some morning in July, the current date for shutting the servers down, and find they cannot get onto the Internet.

Please read the articles. You are looking at this topic through the paradigm of all your years of computer experience. This topic is not the usual "sky is falling down" message you have rightfully dismissed hundreds of times before. This is an unusual and interesting twist on the issue of computer security and criminal use of the Internet. In the grand total of internet users worldwide this issue will affect an extremely small and hardly noticeable portion of that crowd. In fact so few users will be affected this topic would have been best left in the background. But it came up, it is a legitimate issue, and my only interest is helping those who are concerned about it understand it's really nothing to worry about.

harrybro
Posts: 1
Joined: Thu Apr 26, 2012 4:03 am

Re: OT FBI to shut down internet access for some on july 9th

Post by harrybro » Thu Apr 26, 2012 4:07 am

Hey,

I'm NOT saying this is a spoof at all. What I am saying as IT Administrator for a very large telecommunications provider is that YOU need to be proactive with regards to malware. I would also check out the Malwarebytes website. If you are totally insane about this, make sure your antivirus is up to date and run a full system scan including a rootscan.

torontoCPAPguy
Posts: 1015
Joined: Mon Dec 28, 2009 11:27 am
Location: Toronto Ontario/Buffalo NY

Re: OT FBI to shut down internet access for some on july 9th

Post by torontoCPAPguy » Thu Apr 26, 2012 4:17 pm

Well, maybe I will eat a bit of crow here.
If the newsboys bring the malware's effect to folks' attention, they can then check out their DNS settings (takes 2 minutes) and change their DNS settings to valid ones (another 1 minute invested). OTOH, if Malwarebytes, AVG or Norton, etc., are aware of the 'threat' then they should be scanning for same and advising the user to check their DNS settings. Generally, when you sign up as an individual with an ISP (Internet Service Provider) they will give you a list of valid DNS servers which you can enter.

Worst possible case, your internet connection dies, you get an automated message on attempting to repair the fault that advises you that you have no DNS and you then change your DNS settings to a valid setting, which does not have to be the DNS servers of your provider by the way.... any open DNS server will do.

Hopefully, this is not going to bother a whole lot of us.... and is restricted to a relatively few users.

NateS
Posts: 1716
Joined: Wed Dec 14, 2011 8:53 pm
Location: Kaatskill Mts-Washington Irving

Re: OT FBI to shut down internet access for some on july 9th

Post by NateS » Thu Apr 26, 2012 8:11 pm

Isn't everybody running on OpenDNS automatically protected from DNS switching?

Nate

Not connected with them in any way except as a satisfied user for years!

_________________
Mask: DreamWear Nasal CPAP Mask with Headgear
Additional Comments: ResMed AirCurve 10 ASV; Dreamwear Nasal Mask Original; CPAPMax Pillow; ResScan & SleepyHead
Central sleep apnea AHI 62.6 pre-VPAP. Now 0 to 1.3
Present Rx: EPAP: 8; IPAPlo:11; IPAPHi: 23; PSMin: 3; PSMax: 15
"I've had a perfectly wonderful evening, but this wasn't it." —Groucho Marx