Thousands could lose internet access July 9 due to virus


Goober
#1
Thousands could lose internet access July 9 due to virus

Not sure if this was posted- I recall reading about it before- So If it was I apologize.
Thousands could lose internet access July 9 due to virus - Yahoo! News Canada

On July 9, thousands of Canadians and hundreds of thousands of people worldwide could be without access to the internet after the FBI shuts down temporary DNS servers used to assist victims of a massive internet fraud ring.

All computers that still use these servers will meet a virtual brick wall on July 9 and be unable to connect to the internet until their computers are cleared of the associated 'DNSChanger' virus.

The shutdown of the temporary DNS servers by U.S. authorities is the last stage in Operation Ghost Click, a two-year international investigation that officially ended in November 2011.

The FBI, in association with international law enforcement, managed to track and apprehend six Estonians using an ostensibly legitimate front company who had organized a sophisticated system of false DNS servers. These servers rerouted the web browsers of infected computers to sites of the hackers' own choosing, some of which were fraudulent in nature.

Computers were forced to connect to the internet through these servers by a customized virus called DNSChanger that was distributed along conventional channels, such as infected emails, bad websites, and malware scripts.

When it broke up the hacking group in 2011, the FBI established temporary 'clean' servers in place of the bad ones so that computers infected with DNSChanger wouldn't suddenly be cut off from the internet.

However, the contract to maintain these servers will end July 9, resulting in their shutdown.

"An extension has not been requested," says Jenny Shearer, a spokesperson for the FBI's National Press Office.

According to Paul Vixie, chairman and founder of the Internet Systems Consortium (ISC) that has been operating the temporary servers for the FBI, the fraud had snared nearly 650,000 machines worldwide, about 25,000 of which were in Canada. He says the scheme is also estimated to have netted nearly $20 million over four years for those behind the virus.

Since November 2011, the number of computers still infected with DNSChanger has dropped substantially to 275,000 worldwide. In Canada, only about 7,000 machines are estimated to remain infected, as a result of efforts by the FBI and computer security companies to get users to follow instructions on how to check for and remove the virus.

However, for the thousands of users whose computers are still infected with DNSChanger, their machines will continue to redirect towards the DNS address supplied by the virus. They won't be able to get online unless they clear the virus from their computer.

To properly understand how the ring's servers were able to operate for so long, it serves to understand the basics behind the technology. DNS is short for Domain Name System, a tool that converts numeric Internet Protocol (IP) addresses used to route traffic on the internet into text-based domain names that are easier for people to remember and type into a browser — i.e. the IP address 159.33.3.85 into CBC.ca - Canadian News Sports Entertainment Kids Docs Radio TV.

The DNS is a vital support for how people interact with the internet, and many services like email or internet browsing would be severely crippled without it.

DNS servers hold IP addresses and their corresponding text-based domain names and form a hierarchy, with each DNS server connecting to both clients as well as higher-level DNS servers. Each server progressively holds a greater share of internet addresses, eventually reaching up to the primary 13 root servers that have access to every domain in the world.

According to Trend Micro, an internet security firm that assisted the FBI in its investigation, the servers were controlled through an IT company named Rove Digital in Tartu, Estonia.

In the indictment outlining the plan, the company was said to have used several elements to pull off the scheme. First, the false DNS servers were set up and opened an alternative route for computers to connect to the internet, as opposed to a user's own Internet Service Provider's DNS server.

In the second step, the indictment says the members of the team, one of whom is still at large, developed and disseminated DNSChanger, a tool that changed the infected computer's default DNS servers to route to the false ones when browsing the internet.

When a user would enter the alphanumeric name for a site through their web browser or search engine, the fake DNS server that the virus rerouted the request to would provide an alternate IP address that led to a different website.

Some of the sites were in and of themselves legitimate, like H&R Block; others were more obvious frauds, like idownload-store-music.com - idownload-store-music Resources and Information., a non-Apple affiliated site which purported to sell Apple products. In the case of the former, the servers redirected requests from users who had intended to go to the IRS website, and in the latter, users had wished to go to the iTunes store.

As the IP address generally remains hidden by most web browsers, a typical user wouldn't know why or how they were sent to a different online location than the site they originally intended to visit.

However, the fraud was only conducted for certain websites, allowing some other requests to continue on the DNS chain undisturbed. This made the manipulation harder to detect.

The company, Rove Digital, is accused of making money from the nearly 650,000 infected computers by receiving 'per-click' revenue from advertisers, an otherwise legal method that rewards popular sites that refer users to sites being advertised, according to the official New York indictment and the FBI's Shearer.

For each person who visited the advertising sites, the team is accused of making a small referral fee from the advertiser, eventually racking up millions in commissions.

With users no longer being routed toward fraudulent sites after the FBI stepped in, and being sent to the temporary clean DNS server instead, the virus lost most of its bite. However, as long as it remains on a user's computer, it will continue to force a web browser to try and route through the temporary DNS servers, even when those servers are taken offline.

It also has the harmful effect of preventing some anti-virus software packages from updating their virus definitions, which is a problem for most people.

The DNS Changer Working Group (DCWG) is one of the primary resources on how to check for and remove the DNSChanger virus from a computer.

To help users identify and remove the virus, the Canadian Internet Registration Authority (CIRA), in collaboration with the Canadian Cyber Incident Response Centre (CCIRC) and the Canadian Radio-television Telecommunications Commission (CRTC), have also directed Canadians who believe their computers may have the virus to visit DNSChanger Malware Checker - Détecteur de maliciel DNSChanger. The website is designed to check if a computer is using an address that falls within the range utilized by the false DNS servers.
 
taxslave
#2
In the late 90s there were a lot of experts thought we were going to loose all things electronic when the clock ticked over. Didn't happen. Not like we couldn't survive without internet for a few hours or even days.
 
Locutus
#3
DNSChanger Malware Checker - Détecteur de maliciel DNSChanger
 
petros
#4
Quote:

Your computer system does not appear to be affected by DNSChanger Malware

Thanks Locutus.
 
Locutus
#5
No prob but I just separated the link out of Goobers' OP.
 
Goober
+1
#6
Quote: Originally Posted by LocutusView Post

No prob but I just separated the link out of Goobers' OP.

Thanks - I should have checked it. Oops and I owe you a cold beer.
 
Niflmir
#7
Quote: Originally Posted by taxslaveView Post

In the late 90s there were a lot of experts thought we were going to loose all things electronic when the clock ticked over. Didn't happen. Not like we couldn't survive without internet for a few hours or even days.

UTC had a leap second recently that caused quite a few (minor) problems around the world. Thunderstorms in the US brought Amazon Web Services down last week (If I'm not mistaken) which caused quite a few campers to become unhappy.

Life goes on.
 
spaminator
#8
thank you for allowing us to test our special Canadian government spyware on your system.
 
lone wolf
#9
No bells, whistles, lights or filling boxes? How boring....
 
TenPenny
#10
Quote: Originally Posted by taxslaveView Post

In the late 90s there were a lot of experts thought we were going to loose all things electronic when the clock ticked over. Didn't happen. Not like we couldn't survive without internet for a few hours or even days.

The reason that not much happened is that most systems were fixed before the date. I know that I did have a computer that I didn't update the BIOS, and it would not work properly until I fixed it.
 
jarine
+1
#11
namastee............................funny this was the first ive heard of it.....funny on the timing.............all this talk of being spyd on by ibf. sure we will fix your computer as we put our eye wear into ur computer....................dont believe it one bit.sorry for those sheep being herded by fear.
 
Goober
#12
Quote: Originally Posted by jarineView Post

namastee............................funny this was the first ive heard of it.....funny on the timing.............all this talk of being spyd on by ibf. sure we will fix your computer as we put our eye wear into ur computer....................dont believe it one bit.sorry for those sheep being herded by fear.

Read an article a few years ago- 10 % of comutors were infected. That equated to 65 million (BOTS) computors. And if the govt wants into your comptuor they will get in.
 
J_Hay
#13
This has nothing to do with that middleeastern Flame thing going around? you know.. that wicked supervirus thing?
 
shadowshiv
#14
Quote: Originally Posted by J_HayView Post

This has nothing to do with that middleeastern Flame thing going around? you know.. that wicked supervirus thing?

That "virus" is just a variation of the old Olympic Torch fake that made it's rounds a while back. It was debunked.

I should mention that it looks like my computer is clean, as I am happily posting here on...yep, you guessed it, July 9th.
 
taxslave
#15
So far this morning no problem and since it is almost 0700 on the West coast the day is half over eleswhere in the world.
 
Walter
#16
Quote: Originally Posted by taxslaveView Post

So far this morning no problem and since it is almost 0700 on the West coast the day is half over eleswhere in the world.

How could you know; it's like trying to call the phone company to tell them your phone ain't workin.
 
Nuggler
#17
...Computer is perfectly fine. Slow, but fine.

SOB of a calculator just crashed. Think the virus had anything to do with it.?

$1.50 in Dollarama.............Where IS the quality these days??
 
Niflmir
#18
Quote: Originally Posted by shadowshivView Post

That "virus" is just a variation of the old Olympic Torch fake that made it's rounds a while back. It was debunked.

I should mention that it looks like my computer is clean, as I am happily posting here on...yep, you guessed it, July 9th.

Flame was certainly not a hoax. https://en.wikipedia.org/wiki/Flame_(malware)

It featured a novel sophisticated hash collision attack that was published not by the creator, but by the security professionals who subsequently studied it. CWI cryptanalyst discovers new cryptographic attack variant in Flame spy malware | CWI Amsterdam | Research in mathematics and computer science
 
Goober
#19
Quote: Originally Posted by WalterView Post

How could you know; it's like trying to call the phone company to tell them your phone ain't workin.

I use another phone- What do you do???
 
spaminator
+2
#20  Top Rated Post
I remember hearing about hackers planning to shut down the internet all over the world on December 21, 2012. that would be an internet apocalypse of biblical proportions.
 
B00Mer
#21
Today is July 9th.. ??



9,000 Canadian computers face threat of infection, loss of Internet access Monday
 
no new posts