



BDFL - Memuneh
57447 posts

Uber Geek
+1 received by user: 9108

Administrator
Trusted
Geekzone
Subscriber

Topic # 105328 2-Jul-2012 17:08

I hear many ISP customers around New Zealand will be affected when the FBI switches off the temporary DNS currently being provided to support users affected by the DNSChanger malware.

It is expected these servers will be switched off around the 9th July 2012.

DNSChanger affects both Windows and Mac OS computers.

Visit the DNSChanger Diagnostic page now to see if your computer is affected. If it is, make sure you run a good antivirus/antispyware, clean up any of the infections acquired while visiting those dodgy websites, religious websites and hijacked Facebook accounts, and switch the DNS configuration to the one provided by your ISP.

Also prepare for the "my computer can't connect to the Internet LOL" posts...




2239 posts

Uber Geek
+1 received by user: 346

Trusted
Subscriber

  Reply # 649676 2-Jul-2012 17:26

freitasm:
Also prepare for the "my computer can't connect to the Internet LOL" posts...


I suspect those users won't make it to geekzone.co.nz, however ISP HDs will wear that frustration ;)







BDFL - Memuneh
57447 posts

Uber Geek
+1 received by user: 9108

Administrator
Trusted
Geekzone
Subscriber

  Reply # 649677 2-Jul-2012 17:26

"A friend of a friend". Or someone posting from work. Or from the phone. One never knows.




1574 posts

Uber Geek
+1 received by user: 11


  Reply # 649681 2-Jul-2012 17:34

On a related note, people may also wish to take a look at running DNSCrypt, which encrypts DNS traffic between your computer and the DNS server (OpenDNS servers, I believe).

It should be noted that using DNSCrypt will probably add extra latency when accessing web pages, due to the fact that you wouldn't be contacting your ISP's own DNS servers, rather the OpenDNS servers.

http://www.opendns.com/technology/dnscrypt/



BDFL - Memuneh
57447 posts

Uber Geek
+1 received by user: 9108

Administrator
Trusted
Geekzone
Subscriber

  Reply # 649684 2-Jul-2012 17:36

On that note we'd read people complaining about broken web experiences because of the way caching and CDNs work in New Zealand. Not the best solution unless you know what you are doing.




1574 posts

Uber Geek
+1 received by user: 11


  Reply # 649692 2-Jul-2012 17:49

freitasm: On that note we'd read people complaining about broken web experiences because of the way caching and CDNs work in New Zealand. Not the best solution unless you know what you are doing.


Good point about CDNs and caching. Was just putting it out there for people to consider.
The sooner DNSSEC is implemented, the better.



BDFL - Memuneh
57447 posts

Uber Geek
+1 received by user: 9108

Administrator
Trusted
Geekzone
Subscriber

  Reply # 649696 2-Jul-2012 18:00

Some ISPs can't even get their DNS properly configured, even less DNSSEC :(







BDFL - Memuneh
57447 posts

Uber Geek
+1 received by user: 9108

Administrator
Trusted
Geekzone
Subscriber

  Reply # 652937 9-Jul-2012 14:19

A source tells me up to 1,000 people connecting via a large New Zealand ISP are believed to have their computers infected with DNSChanger. This is for one New Zealand ISP only - there may be more obviously.




1283 posts

Uber Geek
+1 received by user: 159


  Reply # 653017 9-Jul-2012 16:11

freitasm: A source tells me up to 1,000 people connecting via a large New Zealand ISP are believed to have their computers infected with DNSChanger. This is for one New Zealand ISP only - there may be more obviously.


How easy would it be for said ISP to flick these customers an email telling them what to do?





550 posts

Ultimate Geek
+1 received by user: 5


  Reply # 653125 9-Jul-2012 19:03

So what exactly would happen?

"DNSChanger is a class of malicious software (malware) that changes a user's Domain Name System (DNS) settings, enabling criminals to direct unsuspecting internet users to fraudulent websites and interfere with their web browsing"

I went to the site and it says I'm OK. Although earlier today I was on station-drivers.com and being bombarded with spam pages popping up every time I clicked anything. That's got nothing to do with any of this?

Excuse my noobishness.



BDFL - Memuneh
57447 posts

Uber Geek
+1 received by user: 9108

Administrator
Trusted
Geekzone
Subscriber

  Reply # 653128 9-Jul-2012 19:08

DNSChanger would redirect the pages you visit to some other domain. As it is now your requests for pages would not work.





2987 posts

Uber Geek
+1 received by user: 454

Trusted

  Reply # 653130 9-Jul-2012 19:15

Oubadah: So what exactly would happen?

"DNSChanger is a class of malicious software (malware) that changes a user's Domain Name System (DNS) settings, enabling criminals to direct unsuspecting internet users to fraudulent websites and interfere with their web browsing"

I went to the site and it says I'm OK. Although earlier today I was on station-drivers.com and being bombarded with spam pages popping up every time I clicked anything. That's got nothing to do with any of this?

Excuse my noobishness.


If your computer is programmed to use DNS server x.x.x.x then it will ask that server to convert domain queries such as www.google.com into IP addresses so it knows where to go and pull the webpage for www.google.com.

If your computer cannot access the DNS server at x.x.x.x, then when you key in www.google.com into your web browser, it won't be able to find out what Google's IP address is and you won't be able to open the web page.

It effectively means that the internet will stop working for these people.

The correct DNS server to use is the one inside your modem which relays your DNS query onto your own internet provider's servers.

The malware changed the infected users' computers to their own malicious DNS servers. So if an infected user tried to look up www.google.com, they could reply with any IP address they liked - such as sites that will take you to advertising or wherever they liked. One way I commonly see this is that they will design a fake Google website that places an advertising banner at the top of the page, but pulls the rest of the page from Google's real servers - they then make money on that advertising.

When the FBI shut them down, the FBI installed some real DNS servers in place of the fake ones. This was to stop a partial shutdown of internet access to thousands/millions of people while their internet providers were able to contact the infected users and correct their settings.

Taylor Communications has had DNS traffic to the FBI servers redirected to our own fake DNS server for a number of weeks now. It would direct any Google query to our own web server and showed the users a web page that they were infected and were to call us so we could remotely run a malware scan and correct their settings.
Only two customers were infected so the issue was small for us - but the big guys will be getting a lot of phone calls tomorrow from those that didn't know they were infected.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here
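The ISP-side identification discussed in this thread (finding which customers still send DNS queries to the DNSChanger resolvers, so they can be contacted), as an added example that is not part of the original posts or any ISP's tooling. The flow-record format, the customer addresses and the rogue ranges are constructed assumptions; the ranges are RFC 5737 documentation-space placeholders, because the thread does not list the real ones.

```python
import ipaddress
from collections import Counter

# Placeholder ranges (RFC 5737 documentation space) standing in for the
# rogue DNSChanger resolver ranges, which this thread does not list.
ROGUE_DNS_NETS = [ipaddress.ip_network(n)
                  for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed flow records: "<time> <customer_ip> <dst_ip> <proto>/<dst_port>"
SAMPLE_FLOWS = """\
2012-07-02T17:08:01 10.20.0.15 192.0.2.53 udp/53
2012-07-02T17:08:02 10.20.0.15 192.0.2.53 udp/53
2012-07-02T17:08:03 10.20.0.77 203.0.113.10 udp/53
2012-07-02T17:08:04 10.20.1.9 198.51.100.7 tcp/53
2012-07-02T17:08:05 10.20.1.9 198.51.100.7 tcp/80
2012-07-02T17:08:06 10.20.3.4 198.51.100.200 udp/53
malformed line
2012-07-02T17:08:07 10.20.0.15 not-an-ip udp/53
"""

def is_rogue(addr):
    """True if addr parses as an IP inside one of the rogue resolver ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in ROGUE_DNS_NETS)

def infected_customers(flow_text, min_queries=1):
    """Map customer IP -> number of DNS flows sent to a rogue resolver."""
    hits = Counter()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                      # skip malformed records
        _, src, dst, service = fields
        proto, _, port = service.partition("/")
        if proto not in ("udp", "tcp") or port != "53":
            continue                      # only DNS traffic is of interest
        try:
            src = str(ipaddress.ip_address(src))
        except ValueError:
            continue
        if is_rogue(dst):
            hits[src] += 1
    return {ip: n for ip, n in hits.items() if n >= min_queries}

if __name__ == "__main__":
    for ip, n in sorted(infected_customers(SAMPLE_FLOWS).items()):
        print(f"{ip}: {n} DNS flows to a rogue resolver range")
```

A customer whose resolver is the modem or the ISP's own servers never appears in the result, so the output is the contact list for remediation.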




550 posts

Ultimate Geek
+1 received by user: 5


  Reply # 653256 10-Jul-2012 00:28

raytaylor: 

If your computer is programmed to use DNS server x.x.x.x then it will ask that server to convert domain queries such as www.google.com into IP addresses so it knows where to go and pull the webpage for www.google.com.

If your computer cannot access the DNS server at x.x.x.x, then when you key in www.google.com into your web browser, it won't be able to find out what Google's IP address is and you won't be able to open the web page.

It effectively means that the internet will stop working for these people.

The correct DNS server to use is the one inside your modem which relays your DNS query onto your own internet provider's servers.

The malware changed the infected users' computers to their own malicious DNS servers. So if an infected user tried to look up www.google.com, they could reply with any IP address they liked - such as sites that will take you to advertising or wherever they liked. One way I commonly see this is that they will design a fake Google website that places an advertising banner at the top of the page, but pulls the rest of the page from Google's real servers - they then make money on that advertising.

When the FBI shut them down, the FBI installed some real DNS servers in place of the fake ones. This was to stop a partial shutdown of internet access to thousands/millions of people while their internet providers were able to contact the infected users and correct their settings.

Taylor Communications has had DNS traffic to the FBI servers redirected to our own fake DNS server for a number of weeks now. It would direct any Google query to our own web server and showed the users a web page that they were infected and were to call us so we could remotely run a malware scan and correct their settings.
Only two customers were infected so the issue was small for us - but the big guys will be getting a lot of phone calls tomorrow from those that didn't know they were infected.


Cheers.
