By admin On · In News
What
is the problem?
What
we recommend you do
Where
you can find more information
Blackman: Dear Reader, you click at this link to find out the detail - here
21 March 2012
Software
and platform affected
Windows (all versions)
Mac OS X (all versions)
Mac OS X (all versions)
What
is the problem?
Malware which alters a computer’s DNS (Domain Name System)
settings, known as “DNSChanger” malware, has been in circulation for some time.
DNS is an Internet service which translates user-friendly domain names (e.g.
ssoalertservice.net.au) into the numerical Internet Protocol (IP) addresses
(e.g. 203.15.34.230) which are used by computers to communicate with each
other. By infecting a victim’s computer with this type of malware, criminals
are able to alter the DNS settings on a user’s computer. By controlling the DNS
settings on victim’s computer, criminals force the infected computers to
communicate with “bad” or “rogue” DNS servers, rather than legitimate “good”
DNS servers. The criminals can then use these “bad” or “rogue” DNS servers to
redirect the unsuspecting users to fraudulent websites or interfere with a
user’s web browsing. For example, if a user’s computer is infected with the
DNSChanger malware, and the user enters “google.com” in their web browser,
rather than take the user to the legitimate “google.com” website, they would be
taken to a fraudulent website instead.
In November 2011, the FBI uncovered a network of rogue DNS
servers and took steps to disable them. However, by disabling the rogue DNS
network, victims who are infected by the DNSChanger malware could lose access
to DNS services entirely. To address this issue, the FBI developed a
private-sector, non-government entity to operate and maintain clean DNS servers
for the infected victims for a temporary period. As of July 9th 2012 the FBI will
no longer be operating this service; computers that are infected with the
DNSChanger malware could lose access to DNS services, preventing access to the
Internet, including access to legitimate websites.
What
we recommend you do
The Australian Government
has created a diagnostic website which will, in most cases, confirm whether or
not a user’s computer is infected with DNSChanger malware:Australian Government DNSChanger Diagnostic
The FBI has provided a
PDF document with detailed instructions (including screenshots) to manually
check the DNS settings on both Windows and Mac OS X based computers: FBI DNSChanger Malware
Document
As a minimum step, we recommend that you click on the
Australian Government’s diagnostic website and see whether it displays a green
box with the words, “You do not appear to be affected by DNSChanger”.
Then, if you want to be more certain that this diagnosis is
correct, it is also recommended that you follow the detailed instructions in
the FBI’s PDF document to help to determine whether your computer is infected
with DNSChanger. You should also perform a thorough virus-scan of your computer
using an up-to-date virus scanner to ensure that it is not infected with the
DNSChanger malware.
If you do find that have been infected with the DNSChanger
malware, you should seek professional assistance to ensure that the malware is
removed successfully.
Additionally, this factsheet contains instructions to help
detect and remove malware:
Where
you can find more information
The Australian
Government has also provided some additional information regarding the
DNSChanger Malware here: DNSChanger Information
The FBI has also
provided further information regarding internet fraud associated with the
DNSChanger Malware here: Manhattan U.S. Attorney
Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme
That Infected Millions of Computers Worldwide and Manipulated Internet
Advertising Business
Additional information
regarding the DNSChanger Malware can be found at the DNS Changer Working Group
(DCWG) website: DNS Changer Working Group
No comments:
Post a Comment