Internet user, be aware. Your internet connection may be
affected and could stop working due to a virus, DNS Changer Virus, Which has corrupted million of computers in
more than 100 countries and millions of internet users. In November 2011, six
cyber criminals were arrested for running a sophisticated internet fraud ring
that infected millions of computers worldwide with the DNS Changer which
enabled them to manipulate the multibillion dollar Internet advertising
industry. The criminals told that they had stolen $14 million, but the actual
amount may larger because the banks are typically reluctant to reveal how much
they have lost. The US Federal Bureau of
Investigation (FBI) has already started two-years special investigation which
code name is Operation Ghost Click.
What is DNS?
DNS stands for Domain Name System. It is an internet service
that converts user-friendly domain names into the numerical Internet Protocol
(IP) address which computer system uses to talk to each other. Both DNS and DNS
servers are a critical component of user computer’s operating environment.
Users would not able to access websites, send emails or use any other Internet
service without them. When you enter a domain name which is like www.xyz.com in your web browser’s address bar,
your computer contacts DNS servers to determine the site’s IP address. Then your computer uses this IP
address to access the website. Actually Internet Service Providers (ISP)
operates the DNS servers and these included in your computer’s configuration.
What is DNS
Changer?
DNS Changer is a Trojan virus which has a small size of
about 1.5 KB. This changes the infected system’s DNS setting in order to divert
the traffic to unsolicited and potentially illegal sites. This Trojan is
designed to change the “Name Server”. Registry key value to a customer IP
address is usually encrypted in the body of Trojan. By controlling DNS, a
criminal can get an unsuspecting user to connect to a fraudulent website or
interfere with the user’s online web browsing.
DNS Changer virus causes a computer to use rogue DNS servers
in one of following two ways:
1)
It changes the computer’s DNS server setting to
replace the ISP’s good DNS setting with rogue DNS IP addresses operated by the
criminals.
2)
It attempts to access devices on the victims
office or home network that run a Dynamic Host Configuration protocol (DHCP)
server (example- Router). The malware attempts to access the user’s router using
common default user names and password. These are usually ‘admin’ and ‘admin’
respectively. It converts the original DNS setting these devices use to rogue
DNS setting that is operated by the criminals.
This is a change that impacts all
computers on the corporate network.
If your ISP’s DNS server is infected then you will be also
affected. How do you know whether your computer is infected or not? It is the
best idea to have it evaluated by a professional. You can also check it
yourself in Windows XP/7 by going to the Start menu—Run—cmd . At the command
prompt enter ipconfig/all. Now look for the result that shows “DNS
Servers………..”. The DNS numbers are in the format of nnn.nnn.nnn.nnn where nnn
is a number from 0 to 255. Make a note of IP address for DNS servers and
compare them to the table of known DNS servers which are shown below.
Make a note of IP address for DNS servers and compare them to the table of known DNS servers which are shown below.
- 85.255.112.0 through 85.255.127.255
- 67.210.0.0 through 67.210.15.255
- 93.188.160.0 through 93.188.167.255
- 77.67.83.0 through 77.67.83.255
- 213.109.64.0 through 213.109.79.255
- 64.28.176.0 through 64.28.191.255
If you are using a MAC, then click on the Apple’s symbol in the top left corner and choose System Preferences, then Network and click on the Advanced button. Choose the DNS tab on the top to show the DNS servers you are using. There is a special website which is www.dnsok.de to check if your ISP’s DNS requests are made to the right places. This site tells you if you are affected by the DNS Changer virus or not.
How to repair if your computer is infected by DNS Changer
Well, if your pc is infected by rogue DNS, you can use Avira
DNSRepair tool. This tool can be downloaded from www.avira.com/files/support/GAQ_KB_Download_Files/EN/AviraDNSRepairEN.exe .
0 comments:
Post a Comment