This is a courtesy notice to friends whose home Windows computers and Macs connect to the Internet. July 9, 2012 is being tagged as the “Internet Doomsday.” A virus is circulating on the web, and there is a chance, albeit a slight one, that affected computers will lose Internet access.
Here are the things that one should be aware of:
What is the threat about?
In 2007, a computer virus, a Trojan horse called DNSChanger, surfaced. Created by cybercriminals, it redirected Internet traffic by hijacking the Domain Name System settings used by the web browser. A security fix was provided under a court order: replacement servers were set up to allow normal traffic flow for the infected computers. This court order expires on Monday, hence the “Internet Doomsday.”
The criminals had served more than $14 million worth of advertisements to spurious computers. The culprits were, however, caught in November 2011 by the FBI in “Operation Ghost Click.”
What is DNS?
DNS, or the Domain Name System, is a service that converts a user-friendly domain name into the numerical Internet Protocol (IP) address that computers use to connect. When we enter a domain name, such as www.google.com, the computer contacts DNS servers to determine the IP address for the website. These servers are operated by the user’s Internet service provider (ISP) and are part of the computer’s network configuration. They are a critical component: without them the user cannot send e-mail, visit websites or use the Internet at all.
So what did the criminals do?
By controlling the DNS servers a user relies on, the criminals controlled which sites the user connected to, and so were able to send the user to fraudulent websites or interfere with the user’s web browsing. The criminals accomplished this with the DNSChanger malware, which changed the user’s DNS settings and replaced the ISP’s good DNS servers with malicious ones. These DNS servers, operated by the criminals, are called rogue DNS servers.
How does DNSChanger affect the computer?
DNSChanger causes the computer to use rogue DNS servers in one of two ways.
* First, it changes the computer’s own DNS server settings, replacing the existing servers with rogue servers run by the criminals.
* Secondly, it tries to access devices on the network that run a Dynamic Host Configuration Protocol (DHCP) server. Using common default usernames and passwords, it changes the DNS servers configured on these devices as well, thereby affecting all the computers they serve.
What is the issue now?
The cybercriminals were caught, but the infected computers, numbering about 570,000, still needed the dubious servers to connect to the Internet. The FBI therefore set up a safety net: it brought in a private organization to install two clean servers that took the place of the malicious ones, so that people would not lose Internet access. However, these servers will not last forever.
How would one know whether their computers are affected?
Most users are unaware of being infected. The malicious software most likely slowed web surfing and disabled antivirus software, which makes these computers more vulnerable to other cyber attacks. There is an easy way to check: visit http://dns-ok.us/. For those who are infected, ways of getting rid of the malware are given by the DCWG (DNSChanger Working Group).
Facebook and Google are creating their own warning messages. Facebook states: “Your computer or network might be infected” and provides a link for more detailed information. Google is showing a similar message at the top of its search results page. There is also relevant information on the procedure to correct the problem.
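The two infection paths described earlier also suggest a check that can be done on the machine itself: read the configured DNS servers and compare them with the published rogue ranges. The sketch below is an added example, not part of the original notice; it assumes a Unix-style resolver file, its function names are illustrative, and the ranges shown are placeholders to be replaced with the list published by the FBI and DCWG.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not real DNSChanger
# indicators. Substitute the rogue ranges published by the FBI / DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample in /etc/resolv.conf format (not from a real machine).
SAMPLE_RESOLV_CONF = """\
search home.example
nameserver 192.168.1.1
nameserver 198.51.100.53
nameserver 8.8.8.8
nameserver not-an-ip
"""


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        match = re.match(r"nameserver\s+(\S+)$", line)
        if match:
            servers.append(match.group(1))
    return servers


def classify(server):
    """Label one configured resolver."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if any(addr in net for net in ROGUE_RANGES):
        return "rogue"          # the computer's own settings were changed
    if addr.is_private or addr.is_loopback:
        return "local"          # router/local forwarder: check its DNS too
    return "not-listed"         # public resolver outside the rogue ranges


def audit(text):
    """Return (server, verdict) pairs for every configured resolver."""
    return [(s, classify(s)) for s in parse_nameservers(text)]


if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF):
        print(f"{server:<16} {verdict}")
```

A "local" verdict means the computer asks the home router for DNS, so the router's own DNS settings have to be inspected as well, which is the second infection path.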
What happens if one comes to know of the infection on Monday?
If the computer is already infected and the user does not solve the problem by Monday, it will become difficult to remove the malware. The computer will not be able to access the Internet, so antivirus packages can then only be applied from a USB drive or physical discs. Alternatively, the computer’s operating system can be formatted, but this would erase all saved files.