Saturday, April 28, 2012

|| The Virus That Really Will Kill Your PC ||



Analysis by Rob Pegoraro
DNSChanger check
It sounds like one of those annoying chain emails that show up from technically challenged acquaintances: "The FBI Will Take Your Computer Offline July 9 If It Has A Virus! Visit This Site Immediately To Check!! Forward This To Everyone You Know!!!"
But the Federal Bureau of Investigation really has posted a warning on its site about the risk of "DNSChanger" malware, which really will result in your computer getting disconnected from the Web on July 9 if you don't clean it up.
BLOG: First Human Infected With a Computer Virus
The story began last November when the bureau announced it had busted a 4-year-old Estonia-based conspiracy. The suspects had infected about 4 million computers -- some 500,000 in the United States -- with malware called DNSChanger (also referred to as Alureon) that diverted victims to scam sites.
This "rootkit" malware was usually delivered as a fake download for Windows or Mac OS X that then silently altered the Domain Name System settings on computers and even some wireless routers. That's about the most serious compromise an Internet-connected machine can suffer; when DNS stops correctly translating domain names like discovery.com to machine-readable Internet Protocol addresses like 63.240.215.85, you no longer know what sites you're dealing with.
But once an infected machine has been cuffed to DNSChanger's rogue servers, shutting it off would effectively unplug it from the Internet. To give unaware victims time to clean up their systems, the FBI secured a court order requiring the Internet Systems Consortium, a nonprofit Net-architecture firm, to take over and sanitize those servers.
But all bad things must end; after one stay of execution, ISC is now set to turn off the DNSChanger servers on July 9. At that point, any infected machine will only be able to connect to numerical IP addresses, essentially, a rotary-dial version of the Internet.
Early advice on checking for a DNSChanger infection required a fair degree of technical skill, but now you just need to be able to read one line of text or know the difference between green and red. Visit www.dns-ok.us; if you see a green background to the image on that page and the words "DNS Resolution = GREEN," you're safe. (Your Internet provider may also offer a similar service. Comcast subscribers, for example, can check their computers at amibotted.comcast.net.)
NEWS: Japan Reportedly Building Vigilante Virus
If you see otherwise, you have a month and change to fix the problem. Since DNSChanger can disable security programs, you may not be able to do this the easy way, by clicking a "scan" button in your anti-virus app. You can try specialized DNSChanger-removal tools from such firms as SecureMac, or run general-purpose anti-rootkit software like MalwareBytes' Anti-Malware or Kaspersky Labs' TDSSKiller.
The DNS Changer Working Group, created by Internet-security experts to help clean up the problem, has also set up a page with links to manual malware-cleanup instructions from Microsoft and others. In a worst-case scenario, you may need to reinstall your computer's operating system and software from scratch, using either the disks that came with the computer or the recovery partition on its hard drive. 
But that still beats having a computer that can only navigate the Internet by numbers.
So if you have friends or family members online who might not know to check for this problem, please forward this post to them. But hold the exclamation points.


This post is given by Ashutosh Rajput,Bhopal,India.

4 comments: