

freitasm

BDFL - Memuneh
79309 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#105328 2-Jul-2012 17:08

I hear many ISP customers around New Zealand will be affected when the FBI switch off the temporary DNS servers currently being provided to support users affected by the DNSChanger malware.

It is expected these servers will be switched off around the 9th July 2012.

DNSChanger affects both Windows and Mac OS computers.

Visit the DNSChanger Diagnostic page now to see if your computer is affected. If it is, make sure you run a good antivirus/antispyware, clean up any of the infections acquired while visiting those dodgy websites, religious websites and hijacked Facebook accounts, and switch the DNS configuration to the one provided by your ISP.

Also prepare for the "my computer can't connect to the Internet LOL" posts...






insane
3240 posts

Uber Geek

ID Verified
Trusted

  #649676 2-Jul-2012 17:26

freitasm:
Also prepare for the "my computer can't connect to the Internet LOL" posts...


I suspect those users won't make it to geekzone.co.nz, however ISP HD's will wear that frustration ;)







freitasm

BDFL - Memuneh
79309 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #649677 2-Jul-2012 17:26

"A friend of a friend". Or someone posting from work. Or from the phone. One never knows.






dontpanic42
1574 posts

Uber Geek


  #649681 2-Jul-2012 17:34

On a related note, people may also wish to take a look at running DNSCrypt, which encrypts DNS traffic between your computer and the DNS server (OpenDNS servers, I believe).

It should be noted that using DNSCrypt will probably add extra latency when accessing web pages, due to the fact that you wouldn't be contacting your ISP's own DNS servers, rather the OpenDNS servers.

http://www.opendns.com/technology/dnscrypt/



freitasm

BDFL - Memuneh
79309 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #649684 2-Jul-2012 17:36

On that note we'd read people complaining about broken web experiences because of the way caching and CDNs work in New Zealand. Not the best solution unless you know what you are doing.






dontpanic42
1574 posts

Uber Geek


  #649692 2-Jul-2012 17:49

freitasm: On that note we'd read people complaining about broken web experiences because of the way caching and CDNs work in New Zealand. Not the best solution unless you know what you are doing.


Good point about CDNs and caching. Was just putting it out there for people to consider.
The sooner DNSSEC is implemented, the better.

freitasm

BDFL - Memuneh
79309 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #649696 2-Jul-2012 18:00

Some ISPs can't even get their DNS properly configured, even less DNSSEC :(







freitasm

BDFL - Memuneh
79309 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #652937 9-Jul-2012 14:19

A source tells me up to 1,000 people connecting via a large New Zealand ISP are believed to have their computers infected with DNSChanger. This is for one New Zealand ISP only - there may be more obviously.




hamish225
1418 posts

Uber Geek

ID Verified

  #653017 9-Jul-2012 16:11

freitasm: A source tells me up to 1,000 people connecting via a large New Zealand ISP are believed to have their computers infected with DNSChanger. This is for one New Zealand ISP only - there may be more obviously.


How easy would it be for said ISP to flick these customers an email telling them what to do?




*Insert big spe*dtest result here*


Oubadah
676 posts

Ultimate Geek


  #653125 9-Jul-2012 19:03

So what exactly would happen?

"DNSChanger is a class of malicious software (malware) that changes a user's Domain Name System (DNS) settings, enabling criminals to direct unsuspecting internet users to fraudulent websites and interfere with their web browsing"

I went to the site and it says I'm OK. Although earlier today I was on station-drivers.com and being bombarded with spam pages popping up every time I clicked anything. That's got nothing to do with any of this?

Excuse my noobishness. Embarrassed

freitasm

BDFL - Memuneh
79309 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #653128 9-Jul-2012 19:08

DNSChanger would redirect the pages you visit to some other domain. As it is now your requests for pages would not work.







raytaylor
4017 posts

Uber Geek

Trusted

  #653130 9-Jul-2012 19:15

Oubadah: So what exactly would happen?

"DNSChanger is a class of malicious software (malware) that changes a user's Domain Name System (DNS) settings, enabling criminals to direct unsuspecting internet users to fraudulent websites and interfere with their web browsing"

I went to the site and it says I'm OK. Although earlier today I was on station-drivers.com and being bombarded with spam pages popping up every time I clicked anything. That's got nothing to do with any of this?

Excuse my noobishness. Embarrassed


If your computer is programmed to use dns server x.x.x.x then it will ask that server to convert domain queries such as www.google.com into ip addresses so it knows where to go and pull the webpage for www.google.com

If your computer cannot access the dns server at x.x.x.x, then when you key in www.google.com into your web browser, it won't be able to find out what google's ip address is and you won't be able to open the web page.

It effectively means that the internet will stop working for these people.

The correct DNS server to use is the one inside your modem which relays your dns query onto your own internet provider's servers.

The malware changed the infected users' computers to their own malicious dns servers. So if an infected user tried to lookup www.google.com, they could reply with any ip address they liked - such as sites that will take you to advertising or wherever they liked. One way I commonly see this is that they will design a fake google website that places an advertising banner at the top of the page, but pulls the rest of the page from google's real servers - they then make money on that advertising.

When the FBI shut them down, the FBI installed some real DNS servers in place of the fake ones. This was to stop a partial shutdown of internet access to thousands/millions of people while their internet providers were able to contact the infected users and correct their settings.

Taylor Communications has had dns traffic to the FBI servers redirected to our own fake dns server for a number of weeks now. It would direct any google query to our own web server and showed the users a web page that they were infected and were to call us so we could remotely run a malware scan and correct their settings.
Only two customers were infected so the issue was small for us - but the big guys will be getting a lot of phone calls tomorrow from those that didn't know they were infected.




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here
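
An added example, not part of the post above or of any ISP's tooling: one way a provider could find the customers raytaylor describes, by listing subscribers whose DNS traffic goes to the known rogue server ranges. The flow-record format, the customer addresses and the ranges are constructed for illustration; the ranges are documentation placeholders, not the real DNSChanger server addresses.

```python
import ipaddress
from collections import Counter

# Placeholder ranges (RFC 5737 documentation space), NOT the real DNSChanger
# servers: substitute the ranges published for the takedown.
ROGUE_DNS_RANGES = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")
]

# Constructed flow records: timestamp, customer IP, destination IP, protocol, port.
SAMPLE_FLOWS = """\
2012-07-09T10:00:01 10.1.0.15 192.0.2.53 udp 53
2012-07-09T10:00:02 10.1.0.22 10.0.0.1 udp 53
2012-07-09T10:00:03 10.1.0.15 192.0.2.54 udp 53
2012-07-09T10:00:04 10.1.0.40 198.51.100.200 udp 53
2012-07-09T10:00:05 10.1.0.77 198.51.100.10 tcp 53
2012-07-09T10:00:06 10.1.0.77 192.0.2.53 tcp 80
malformed line
"""

def is_rogue(dst):
    """True if dst falls inside one of the listed rogue resolver ranges."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in ROGUE_DNS_RANGES)

def infected_customers(flow_text):
    """Count DNS flows (port 53, UDP or TCP) per customer to rogue ranges."""
    hits = Counter()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _ts, src, dst, proto, port = fields
        if port != "53" or proto not in ("udp", "tcp"):
            continue  # only DNS traffic indicates a changed resolver setting
        try:
            if is_rogue(dst):
                hits[src] += 1
        except ValueError:
            continue  # destination is not a valid IP address
    return dict(hits)

if __name__ == "__main__":
    for customer, count in sorted(infected_customers(SAMPLE_FLOWS).items()):
        print(f"{customer}: {count} DNS flow(s) to rogue resolver ranges")
```

A customer who appears in the result is still sending queries to the hijacked resolver addresses, which is the signal for the provider to contact them before those servers go dark.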


Oubadah
676 posts

Ultimate Geek


  #653256 10-Jul-2012 00:28

raytaylor: 

If your computer is programmed to use dns server x.x.x.x then it will ask that server to convert domain queries such as www.google.com into ip addresses so it knows where to go and pull the webpage for www.google.com

If your computer cannot access the dns server at x.x.x.x, then when you key in www.google.com into your web browser, it won't be able to find out what google's ip address is and you won't be able to open the web page.

It effectively means that the internet will stop working for these people.

The correct DNS server to use is the one inside your modem which relays your dns query onto your own internet provider's servers.

The malware changed the infected users' computers to their own malicious dns servers. So if an infected user tried to lookup www.google.com, they could reply with any ip address they liked - such as sites that will take you to advertising or wherever they liked. One way I commonly see this is that they will design a fake google website that places an advertising banner at the top of the page, but pulls the rest of the page from google's real servers - they then make money on that advertising.

When the FBI shut them down, the FBI installed some real DNS servers in place of the fake ones. This was to stop a partial shutdown of internet access to thousands/millions of people while their internet providers were able to contact the infected users and correct their settings.

Taylor Communications has had dns traffic to the FBI servers redirected to our own fake dns server for a number of weeks now. It would direct any google query to our own web server and showed the users a web page that they were infected and were to call us so we could remotely run a malware scan and correct their settings.
Only two customers were infected so the issue was small for us - but the big guys will be getting a lot of phone calls tomorrow from those that didn't know they were infected.


Cheers.
