Hundreds of thousands may lose Internet in July

[lakeliving]

http://www.foxnews.com/scitech/2012/04/23/hundreds-thousands-may-lose-internet-in-july/

AP

WASHINGTON – For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, www.dcwg.org, that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

SUMMARY

LONG ARM OF SCOFFLAW: An online ad scam is having some unintended ramifications: The fix may prevent as many as 360,000 from getting online. Several sites will show if you're infected:

DNS Changer Working Group: can discern whether you’re infected and explain how to fix the problem.

DNSChanger Eye Chart: if the site goes red, you’re in harm’s way. Green means clean.

The FBI website: type in the IP address of your DNS server to find out if it is infected.

Read more on how to stay safe

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

"We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent. "The average user would open up Internet Explorer and get `page not found' and think the Internet is broken."

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs.

This is what happened:

'We started to realize that we might have a little bit of a problem on our hands...'

- Tom Grasso, an FBI supervisory special agent

Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system.

The DNS system is a network of servers that translates a web address - such as www.ap.org - into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie's clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won't be the last.

"This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division. "Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations."

Now, he said, every time the agency gets near the end of a cyber case, "we get to the point where we say, how are we going to do this, how are we going to clean the system" without creating a bigger mess than before.

Read more: http://www.foxnews.com/scitech/2012/04/23/hundreds-thousands-may-lose-internet-in-july/#ixzz1szhedZfs

[wealthhound]

http://www.foxnews.com/scitech/2012/04/23/hundreds-thousands-may-lose-internet-in-july/

AP

WASHINGTON – For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, www.dcwg.org, that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

SUMMARY

LONG ARM OF SCOFFLAW: An online ad scam is having some unintended ramifications: The fix may prevent as many as 360,000 from getting online. Several sites will show if you're infected:

DNS Changer Working Group: can discern whether you’re infected and explain how to fix the problem.

DNSChanger Eye Chart: if the site goes red, you’re in harm’s way. Green means clean.

The FBI website: type in the IP address of your DNS server to find out if it is infected.

Read more on how to stay safe

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

"We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent. "The average user would open up Internet Explorer and get `page not found' and think the Internet is broken."

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs.

This is what happened:

'We started to realize that we might have a little bit of a problem on our hands...'

- Tom Grasso, an FBI supervisory special agent

Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system.

The DNS system is a network of servers that translates a web address - such as www.ap.org - into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie's clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won't be the last.

"This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division. "Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations."

Now, he said, every time the agency gets near the end of a cyber case, "we get to the point where we say, how are we going to do this, how are we going to clean the system" without creating a bigger mess than before.

Read more: http://www.foxnews.com/scitech/2012/04/23/hundreds-thousands-may-lose-internet-in-july/#ixzz1szhedZfs

My husband called me yesterday while he was working, he didn't have the whole address, but as I look at what he did have, it is the site referred to in this article.

What do people here think? Should we access this site? Wealthhound

[F-16Pilot]

My husband called me yesterday while he was working, he didn't have the whole address, but as I look at what he did have, it is the site referred to in this article.

What do people here think? Should we access this site? Wealthhound

Your first indicator that you may be infected by the virus is whether or not your own anti-virus is running and updating. If not, then you should suspect that you could potentially have an issue. If your anti-virus is running normally, run an anti-malware program such as Malwarebytes Anti-Malware (malwarebytes.org) on your machine. If it comes up clean, then worry no further. However, if your anti-virus isn't working and/or Malwarebytes fails to run (another symptom of the infection), I would suggest you seek out a professional. All the site will do, assuming it is legit (which I believe it is), is tell you that you are infected.

Rarely does this particular virus hide itself. It typically shows up as an anti-virus program that you didn't install.

[The Machine]

Just checked mine ........ result below ... just as I thought,

there's no scanning or anything you just open a web page and it tells you

DNS Resolution = GREEN

Your computer appears to be looking up IP addresses correctly!

Had your computer been infected with DNS changer malware you would have seen a red background. Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. For additional information regarding the DNS changer malware, please visit the FBI's website at:

http://www.fbi.gov/n.../malware_110911

[lakeliving]

Here's the FBI link

http://www.fbi.gov/news/stories/2011/november/malware_110911/

From FBI website:

Update on March 12, 2012: To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time.

[mrparrot]

What a wonderful way for the government to

install a backdoor onto the computers of US citizens.

Just fake a computer issue and send everyone to

a site to get "checked out".

Go ahead and call me a conspiracy theorist.

Wouldn't be the first time, and it certainly won't be the last...