Are you prepared for the July 9, 2012 deadline that the FBI has set to shut down temporary “clean” servers.This is when hundreds of thousands of computers will be unable to access the Internet because of actions by the FBI.How prepared are you or your organization before the deadline approaches.
Last November, the FBI announced the successful shutdown of a major click-jacking fraud ring in a joint investigation with Estonian authorities and other organizations, including anti-malware company Trend Micro. Seven individuals, including six Estonians and one Russian, were charged with wire fraud and computer intrusion crimes. The investigation, dubbed, “Operation Ghost Click“, included the takedown of a botnet comprising nearly 4 million infected computers. Authorities raided datacenters located in New York and Chicago, removing nearly 100 servers. The computers that were members of that botnet were infected with the malware known as DNS Changer that has been in circulation since 2007. So is your PC a member of the botnet?
Affected users then would be directed to sites that served malware, spam or large advertisements when they tried to go to popular websites such as Amazon, iTunes and Netflix. Additionally, some variants of the malware blocked access to anti-malware and operating system update sites to prevent its removal.
So how do you check if you are infected? Below are steps to follow:
1. Manually check OS computers for infection; Click start , then click run but if you are using vista or windows 7( type run) then enter. Once is up type ipconfig/all, then check from the list display the DNS Server IP. Essentially, if your DNS servers IP listed include one or more of the addresses in the following list, your computer might have been infected:
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255
Also note you need to check your router SOHO settings of DNS.
2. Going to the any of the following sites below.
a. http://www.dns-ok.us/ : This site will display an image with a red background if the machine or router is infected. On a clean machine, it will be a green background. There are other sites you can visit, depending on your language or locality.
Site Language
www.dns-ok.us English
www.dns-ok.de German
www.dns-ok.ca English/French
dns-ok.gov.au English
dns-changer.eu German, Spanish, English
3. The FBI also provides a form where you can enter the IP address of the DNS server configured on the machine:
Now that i may be infected what do i do next?
Below are some steps to follow:
a). The first thing you want to do is make a backup of all of your important files. You might go to a computer store or shop online for a portable hard drive and copy all of your files onto that drive.
b). Either you or a computer professional that you rely upon and trust should follow the “self help” malware clean up guides listed below. The goal is to remove the malware and recover your PC from the control of the criminals that distributed it. If you were already thinking of upgrading to a new computer, now may be a good time to make the switch. If not, then a full reinstall of the operating system will ensure a successful repair or using some removal tools available i.e:
i) Hitman Pro
iii). McAfee Stinger
vi). Norton Power Eraser
vii). MacScan
viii). Avira
c).Once you have a clean PC, follow instructions for ensuring that your DNS settings are correct. If you’re not using a new PC, you’ll want to check that your computer’s DNS settings are not still using the DNS Changer DNS servers. We hope to have some of our own instructions soon. You also have the option to return to using your ISP-provided automatic settings by choosing the “automatically” option (Windows) or deleting any DNS servers listed (MacOS).
d).After you have fixed your computer, you will want to look at any home router you’re using and make sure they automatically use DNS settings provided by the ISP. We’ll have a document for this soon.
Changing DNS is only one of the functions of the malware kits. The malware could have been used for capturing keystrokes or acting as a proxy for traffic to sensitive sites like bank accounts or social media. It would be a good idea to check your bank statements and credit reports as well as change passwords on any online accounts especially saved passwords from your applications or web browsers.
No comments:
Post a Comment