

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#105328 2-Jul-2012 17:08

I hear many ISP customers around New Zealand will be affected when the FBI switch off the temporary DNS currently being provided to support users affected by the DNSChanger malware.

It is expected these servers will be switched off around the 9th July 2012.

DNSChanger affects both Windows and Mac OS computers.

Visit the DNSChanger Diagnostic page now to see if your computer is affected. If it is, make sure you run a good antivirus/antispyware, clean up any of the infections acquired while visiting those dodgy websites, religious websites and hijacked Facebook accounts, and switch the DNS configuration to the one provided by your ISP.

Also prepare for the "my computer can't connect to the Internet LOL" posts...




insane
3324 posts

Uber Geek
+1 received by user: 1006

ID Verified
Trusted
2degrees
Subscriber

  #649676 2-Jul-2012 17:26

freitasm:
Also prepare for the "my computer can't connect to the Internet LOL" posts...


I suspect those users won't make it to geekzone.co.nz, however ISP HD's will wear that frustration ;)







freitasm

#649677 2-Jul-2012 17:26

"A friend of a friend". Or someone posting from work. Or from the phone. One never knows.





 


dontpanic42
1574 posts

Uber Geek
+1 received by user: 11


  #649681 2-Jul-2012 17:34

On a related note, people may also wish to take a look at running DNSCrypt, which encrypts DNS traffic between your computer and the DNS server (OpenDNS servers, I believe).

It should be noted that using DNSCrypt will probably add extra latency when accessing web pages, due to the fact that you wouldn't be contacting your ISP's own DNS servers, rather the OpenDNS servers.

http://www.opendns.com/technology/dnscrypt/



freitasm

#649684 2-Jul-2012 17:36

On that note we'd read people complaining about broken web experiences because of the way caching and CDNs work in New Zealand. Not the best solution unless you know what you are doing.





 


dontpanic42
#649692 2-Jul-2012 17:49

freitasm: On that note we'd read people complaining about broken web experiences because of the way caching and CDNs work in New Zealand. Not the best solution unless you know what you are doing.


Good point about CDNs and caching. Was just putting it out there for people to consider.
The sooner DNSSEC is implemented, the better.

freitasm

#649696 2-Jul-2012 18:00

Some ISPs can't even get their DNS properly configured, even less DNSSEC :(





freitasm

#652937 9-Jul-2012 14:19

A source tells me up to 1,000 people connecting via a large New Zealand ISP are believed to have their computers infected with DNSChanger. This is for one New Zealand ISP only - there may be more obviously.





 


hamish225
1430 posts

Uber Geek
+1 received by user: 215

ID Verified

  #653017 9-Jul-2012 16:11

freitasm: A source tells me up to 1,000 people connecting via a large New Zealand ISP are believed to have their computers infected with DNSChanger. This is for one New Zealand ISP only - there may be more obviously.


How easy would it be for said ISP to flick these customers an email telling them what to do?




*Insert big spe*dtest result here*


Oubadah
676 posts

Ultimate Geek
+1 received by user: 12


  #653125 9-Jul-2012 19:03

So what exactly would happen?

"DNSChanger is a class of malicious software (malware) that changes a user's Domain Name System (DNS) settings, enabling criminals to direct unsuspecting internet users to fraudulent websites and interfere with their web browsing"

I went to the site and it says I'm OK. Although earlier today I was on station-drivers.com and being bombarded with spam pages popping up every time I clicked anything. That's got nothing to do with any of this?

Excuse my noobishness.

freitasm

#653128 9-Jul-2012 19:08

DNSChanger would redirect the pages you visit to some other domain. As it is now, your requests for pages would not work.






 


raytaylor
4076 posts

Uber Geek
+1 received by user: 1296

Trusted

  #653130 9-Jul-2012 19:15

Oubadah: So what exactly would happen?

"DNSChanger is a class of malicious software (malware) that changes a user's Domain Name System (DNS) settings, enabling criminals to direct unsuspecting internet users to fraudulent websites and interfere with their web browsing"

I went to the site and it says I'm OK. Although earlier today I was on station-drivers.com and being bombarded with spam pages popping up every time I clicked anything. That's got nothing to do with any of this?

Excuse my noobishness.


If your computer is programmed to use DNS server x.x.x.x then it will ask that server to convert domain queries such as www.google.com into IP addresses so it knows where to go and pull the webpage for www.google.com.

If your computer cannot access the DNS server at x.x.x.x, then when you key in www.google.com into your web browser, it won't be able to find out what Google's IP address is and you won't be able to open the web page.

It effectively means that the internet will stop working for these people.

The correct DNS server to use is the one inside your modem which relays your DNS query onto your own internet provider's servers.

The malware changed the infected users' computers to their own malicious DNS servers. So if an infected user tried to look up www.google.com, they could reply with any IP address they liked - such as sites that will take you to advertising or wherever they liked. One way I commonly see this is that they will design a fake Google website that places an advertising banner at the top of the page, but pulls the rest of the page from Google's real servers - they then make money on that advertising.

When the FBI shut them down, the FBI installed some real DNS servers in place of the fake ones. This was to stop a partial shutdown of internet access to thousands/millions of people while their internet providers were able to contact the infected users and correct their settings.

Taylor Communications has had DNS traffic to the FBI servers redirected to our own fake DNS server for a number of weeks now. It would direct any Google query to our own web server and showed the users a web page that they were infected and were to call us so we could remotely run a malware scan and correct their settings.
Only two customers were infected so the issue was small for us - but the big guys will be getting a lot of phone calls tomorrow from those that didn't know they were infected.




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here
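
The resolver check described in the post above, as an added example (not part of any post in this thread, and not Geekzone or Taylor Communications code): it reads the DNS servers a Unix-style machine is configured to use and sorts each into rogue, expected (your modem or ISP) or unexpected. The function names are hypothetical, and the rogue ranges are placeholders from documentation address space because the thread does not list the real ones; substitute the ranges from the official DNSChanger advisory.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation space), not the real DNSChanger
# resolver ranges: replace with the ranges published in the official advisory.
ROGUE_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("198.51.100.0/24", "203.0.113.0/25")]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Strip '#' and ';' comments, then look for "nameserver <address>".
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id (fe80::1%eth0)
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry: the system resolver cannot use it either
    return servers


def classify(addr, expected_networks, rogue_networks=ROGUE_NETWORKS):
    """'rogue' wins over 'expected' so a bad allow-list cannot hide an infection."""
    if any(addr in net for net in rogue_networks):
        return "rogue"
    if any(addr in net for net in expected_networks):
        return "expected"
    return "unexpected"


def audit(resolv_conf_text, expected):
    """Classify every configured resolver; `expected` lists modem/ISP networks."""
    nets = [ipaddress.ip_network(n) for n in expected]
    return [(str(a), classify(a, nets)) for a in parse_nameservers(resolv_conf_text)]


# Constructed sample configuration, not taken from a real machine.
SAMPLE = """\
# written by a DHCP client (constructed sample)
nameserver 192.168.1.1
nameserver 198.51.100.53   ; inside a placeholder rogue range
nameserver 203.0.113.200
nameserver not-an-ip
"""

if __name__ == "__main__":
    for address, verdict in audit(SAMPLE, ["192.168.1.1/32"]):
        print(f"{address:16} {verdict}")
```

An "unexpected" resolver is not proof of infection (it may be a public DNS service chosen deliberately), but it is worth confirming against what the modem or ISP hands out.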


 
 
 
 

Oubadah
#653256 10-Jul-2012 00:28

raytaylor: 

If your computer is programmed to use DNS server x.x.x.x then it will ask that server to convert domain queries such as www.google.com into IP addresses so it knows where to go and pull the webpage for www.google.com.

If your computer cannot access the DNS server at x.x.x.x, then when you key in www.google.com into your web browser, it won't be able to find out what Google's IP address is and you won't be able to open the web page.

It effectively means that the internet will stop working for these people.

The correct DNS server to use is the one inside your modem which relays your DNS query onto your own internet provider's servers.

The malware changed the infected users' computers to their own malicious DNS servers. So if an infected user tried to look up www.google.com, they could reply with any IP address they liked - such as sites that will take you to advertising or wherever they liked. One way I commonly see this is that they will design a fake Google website that places an advertising banner at the top of the page, but pulls the rest of the page from Google's real servers - they then make money on that advertising.

When the FBI shut them down, the FBI installed some real DNS servers in place of the fake ones. This was to stop a partial shutdown of internet access to thousands/millions of people while their internet providers were able to contact the infected users and correct their settings.

Taylor Communications has had DNS traffic to the FBI servers redirected to our own fake DNS server for a number of weeks now. It would direct any Google query to our own web server and showed the users a web page that they were infected and were to call us so we could remotely run a malware scan and correct their settings.
Only two customers were infected so the issue was small for us - but the big guys will be getting a lot of phone calls tomorrow from those that didn't know they were infected.


Cheers.
