Hundreds of thousands of people are going to find that they
can’t get their email or browse the web on July 9th, 2012. This isn’t
part of the alleged Mayan prediction that the world will end in 2012; it is
the fallout of a cybercriminal operation.
Perhaps you have heard of the malware called “DNS-Changer”.
If you don’t know what malware is, it is short for “Malicious Software”. If you
aren’t sure about “malicious software” then you would probably call it a computer
virus.
If your computer is infected with the DNS-changer malware
then you are surfing on borrowed time. I’ll explain the problem and what you
need to do about it.
Every computer on the internet has an IP address. Think of
it like the address for a house. Each computer has an address, and all web
pages are housed on computers. When you want to go to Google, you can type in www.google.com like in the example below.
The reason you can type in Google.com is that there are
special computers on the Internet called Domain Name System Servers, or DNS
Servers. When you type in a web address the information is sent to a Domain
Name Server and then translated to the actual address of the computer you are
looking for. You actually can type in the address of the web site you want, if you
know it. For example, Google is at 173.194.33.46, so, as you see in the address
bar below, I can type the address in instead of the friendly name www.google.com.
At home you usually use a DNS server that your Internet Service
Provider supplies; when you are traveling, the access point (often Wi-Fi)
provides that information to your computer. You
can choose your own DNS server if you want to and know how to. This is where
the malicious software (malware) we call DNS-Changer comes into the picture.
When a computer got infected with DNS-Changer, the malware made changes
to the computer or router that would force the computer to use DNS servers that
were controlled by the criminals. The FBI, in conjunction with the government
of Estonia and others, caught the criminals and took control of the bad DNS
servers. The problem is that if they simply shut down the servers, the Internet
would have stopped working for millions of infected computers. The FBI enlisted
the help of the good guys at the ISC (Internet Systems Consortium) to maintain
the DNS servers until people’s computers could be fixed. Initially the ISC was
supposed to stop providing assistance in March, but there were still so many
infected computers that it was decided they would keep the systems in place
until July 9th, 2012. As of April 2012 there are still over 300,000
computers that are infected and nobody but the owners of the computers has the
right to fix them. If your computer is one of the infected computers then on
July 9th you will no longer be able to receive email or surf the Internet until
your computer is fixed. The DNS-Changer malware appears to have affected Macs
as well as PCs, so don’t make the mistake of thinking that your Mac is immune.
Fortunately, it isn’t very hard to test to see if your
computer has the DNS problem.
You can simply go to http://www.dcwg.org/
to check and see if your computer is affected and then fix it if need be. Don’t
wait until July 9th to do this because if your computer is affected
then you won’t be able to get to the web site to test or fix it!
Recently http://www.dcwg.org/
has been unavailable at times, so http://www.dns-ok.us/
and http://dns-changer.eu/ are also safe
sites to help you test for the problem.
There is also another potential problem. If you have a
router and you did not change the default administrator password when it was
installed, the malware could have changed the DNS settings in the router. To
check the DNS settings on the router you will need to refer to the owner’s
manual for your router. If you don’t know where you put your owner’s manual
then you can almost certainly download a new one from the vendor’s web site.
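
As an added example (not part of the original post), here is one way to check DNS settings by hand: the Python below pulls the DNS server addresses out of `resolv.conf` (Mac/Linux) or `ipconfig /all` (Windows) text and flags any that fall inside a list of rogue ranges. The ranges and sample outputs are constructed placeholders built from documentation addresses; substitute the rogue DNS ranges published for DNS-Changer, and the same check applies to the addresses shown on a router's DNS settings page.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation networks), NOT the real rogue
# ranges: replace them with the published DNS-Changer ranges before use.
PLACEHOLDER_ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def configured_resolvers(text):
    """Extract DNS server addresses from resolv.conf or `ipconfig /all` text."""
    servers, in_dns = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("nameserver"):              # resolv.conf entry
            servers += IPV4.findall(stripped)
            in_dns = False
        elif stripped.lower().startswith("dns servers"):   # ipconfig /all field
            servers += IPV4.findall(stripped)
            in_dns = True
        elif in_dns and stripped and " : " not in line:
            servers += IPV4.findall(stripped)              # continuation line
        else:
            in_dns = False                                 # a different field
    return servers

def rogue_resolvers(text, rogue_ranges):
    """Return the configured resolvers that sit inside any rogue range."""
    networks = [ipaddress.ip_network(r) for r in rogue_ranges]
    flagged = []
    for server in configured_resolvers(text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue                                       # e.g. 999.1.1.1
        if any(addr in net for net in networks):
            flagged.append(server)
    return flagged

# Constructed sample inputs (not captured from a real machine).
SAMPLE_RESOLV_CONF = "search example.net\nnameserver 198.51.100.7\nnameserver 203.0.113.9\n"
SAMPLE_IPCONFIG = """\
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        print(name, "->", rogue_resolvers(text, PLACEHOLDER_ROGUE_RANGES) or "no rogue resolvers")
```
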
If you have a business, you might want to share this
information with your customers. Although your computer may be healthy, if your
customers have the problem they will not be able to email you or reach your web
site after July 9th until they get their computers fixed!
There are a couple of other side effects of the DNS-Changer malware.
If your computer is infected then Windows Update has not been downloading
security updates. Go to Windows Update and make sure you have all of the
security updates. Your antivirus software will not be functioning properly if
DNS-Changer is present. Make sure your antivirus software is up-to-date as
well.
It is a great idea to set reminders to verify that your
antivirus software is updating properly and that your computer is up-to-date
with security patches as well. I recommend checking this every week, but even
once a month would be fine. You also need to make sure other software is
current, but I’ll save that for another blog!
If you can’t connect to the Internet on July 9th and you
call your ISP for assistance, they’ll probably actually know what the problem
is... Perhaps that is why the Mayans thought the world is going to end this
year!
Randy Abrams
Independent Security Analyst
© 2012