Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Old DNSchanger Virus may still be around

- - - - -

  • Please log in to reply
3 replies to this topic

#1
submix8c

submix8c

    Inconceivable!

  • Patrons
  • 4,161 posts
  • OS:none specified
  • Country: Country Flag
Seen on morning news and got curious.

I did a search -
virus internet monday

and it popped up all over by different names.

Apparently remnants of a hacker scheme the FBI caught up with last November may still affect some DNS Servers and many PC users are still affected. The affected PC's apparently get redirected to the rogue DNS addresses which ISP's were supposed to reroute to real IP's but the "temporary fix servers" will be turned off and affected PC's will no longer be able to access the internet.

Not to worry, though. Affected PC's can be repaired. Check yourself now our be prepared to check the PC's later or (shudder) pay the Geek Squad to do it.

Business Journal

This website calls it Alureon.

Above link provides this link to check and repair (if necessary) your PC. There's a very good chance that your AntiVirus/AntiMalware software already detects it.

FBI website calls it DNSChanger as does Computerworld.

Last week, IID said that its scans showed 12% of Fortune 500 firms, or about one out of every eight, harbored DNSChanger-compromised computers or routers. And two out of 55 scanned U.S. government departments or agencies -- or 3.6% -- also had failed to scrub all their PCs and Macs.

This is Topic is more of an FYI heads-up to get a "checkup" by whatever means you have... See ya Monday morning... ;)

Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!

Posted Image



How to remove advertisement from MSFN

#2
Tripredacus

Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,672 posts
  • OS:Server 2012
  • Country: Country Flag

Donator

I hid your duplicate topic... :ph34r:

This story seems to be reported wrong in the news. Already this morning I have texts from friends that are scared about some virus attack on Monday. They called it the "Monday Virus".

But as you found, it is from last year. FBI took over the C&C but did not know where all the clients were. So they sanitized the servers and let them keep running. Now the problem is that for some reason they are on a time-table (probably a budget thing or whatever) and there had been meetings and deadlines pushed past already. So for some reason they can't just let these things run in a closet somewhere and have to turn them off by Monday.

You'd figure it wouldn't be overly complicated to send a command back to the clients and have them set their DNS to auto or something but its probably more complicated than that.
MSFN RULES | GimageX HTA for PE 3.x | lol probloms
msfn2_zpsc37c7153.jpg

#3
submix8c

submix8c

    Inconceivable!

  • Patrons
  • 4,161 posts
  • OS:none specified
  • Country: Country Flag
The {hide} is fine by me - you can delete it entirely if you wish.. My intention was not to :ph34r: -monger, but to inform of the potential. The claim is that individual PC's are affected - some kind of "redirect", hence the "easy fix". Anyone caught with their pants down (as it were) deserves the headache. Maybe the dopey kid across the street will pay me again to "disinfect". I need the cash anyhow... :lol:

"START /WAIT" (and wait and wait...)

edit - looks like the USofA has a lot of pr0n-searchers!
edit2 - OUCH!!! The first website ("us-of-a") to "check" seems to have problems loading (lots of hits?). Let the insanity begin!
The "au" one (hint) loaded right up!

You do not appear to be affected by DNSChanger

On the bright side, I''m sure we'll all be up-and-running!

(sheesh! it appears to be a REAL easy fix! Then again, you still need to disinfect your PC with some kind of AntiMalware/Antivirus)

Edited by submix8c, 06 July 2012 - 08:20 AM.

Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!

Posted Image


#4
Tripredacus

Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,672 posts
  • OS:Server 2012
  • Country: Country Flag

Donator

Ok. I felt that is is better to have the topic in "News" since it is "News" today... Even though it is actually "Olds" but those not keeping up on security may not know about it.

But just watch, It'll turn out that one of my machines are infected! :lol:

PS: congrats on the Patron badge!

Edited by Tripredacus, 06 July 2012 - 08:07 AM.

MSFN RULES | GimageX HTA for PE 3.x | lol probloms
msfn2_zpsc37c7153.jpg




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN