DNS Malware: Will You Lose Your Internet Connection in July?

Last November, a group of hackers known as Rove Digital was arrested by an assortment of law enforcement agencies from around the world. During the course of the FBI’s investigation, it discovered that Internet users who had responded to an online advertising scam were finding their computers infected with malware that hijacked control of their machines. The FBI’s concern apparently centered on the possibility that the infected systems could lose Internet access, which is why it decided to set up safety measures.

So how did the hackers successfully accomplish hacking into these systems and what did these changes to the DNS accomplish?

  • They were able to successfully compromise the Windows operating system by exploiting its known vulnerabilities.
  • They succeeded in installing their malicious software onto the compromised systems.
  • They managed to turn off the computers’ anti-virus programs and to prevent any additional anti-virus updates from being installed.
  • Once in control, the rogue software changed the way the system handled Web addresses, allowing the hackers to redirect the computers to fraudulent versions of any website of their choosing.
  • It cost the government $87,000 to keep the rogue computers online.

So how did the hackers make money?

The malware’s creators profited from advertisements that were placed on the rogue websites. It is estimated that the profits from this one venture alone netted the malware’s creators approximately $14 million.

What was required to fix the problem?

Each of the rogue servers had to be replaced with clean servers in order to keep these people online.

Why would the FBI protect those whose computers were infected?

The thinking was that if the controlling computers were to be shut down, it could create chaos for upwards of 570,000 Internet users. They were of the opinion that the citizens, who were less computer literate, would be led to believe that the Internet was broken. Yes, I said broken.

I know, that sounds extreme, but face it: People in general can be uneducated, or just plain lazy. Think about it. Would any technically alert individual fail to:

  • keep their systems updated with the latest service packs or security updates?
  • keep an active and updated anti-virus and security software on their computers?
  • stay away from obvious scams and cons?

What business does the FBI have in using our tax dollars to protect all of these people?

In my opinion, it should have been the responsibility of the people who were infected with the virus, but face it: We send our military into foreign countries to extract citizens who get themselves in a fix, so why are we surprised when Big Brother decides it is in our best interest to fix computers as well? Of course, you and I know that if the person isn’t savvy enough to protect their computer, they have no business being on the Internet in the first place. However, since they chose to use their systems as toys instead of as work tools, they did put the rest of us at risk, so it is possible that the decision to intervene was mandated out of genuine concern for the country’s stability.

So what do you do if you believe that your computer is the latest victim of this rogue software?

First, go to the DCWG [DNS Changer Working Group] website and run a simple test on your computer. With one click of a button, the website can tell you whether your computer is infected. I ran the test on all of my computer systems and was relieved when they all received a clean bill of health. Rest easy: one of the important aspects of the testing process is a guarantee that nothing will be downloaded to your computer during the test.
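The bullet list above says the rogue software changed how the infected system resolved Web addresses, and the DCWG test tells you whether your machine is using one of the rogue resolvers. The following script is an added example, not code from the article or from the DCWG: it parses the DNS server entries out of `ipconfig /all` output, compares them against a list of rogue resolver ranges, and also reviews the hosts file (the other redirection point raised in the comments). The two rogue ranges and both input texts are constructed placeholders, since the real ranges are not listed in the article; on a real Windows machine you would feed it the actual `ipconfig /all` output and the contents of `C:\Windows\System32\drivers\etc\hosts`.

```python
import ipaddress
import re

# PLACEHOLDER ranges (documentation networks). The real rogue resolver ranges were
# published by the FBI/DCWG and are not quoted in the article, so none are used here.
ROGUE_DNS_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed sample of `ipconfig /all` output for an adapter pointed at two rogue resolvers.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   IPv4 Address. . . . . . . . . . . : 10.0.0.15
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.0.2.77
                                       198.51.100.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample hosts file with one entry that redirects a site name.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.bank.example   # constructed redirect entry
"""

# ipconfig prints the first DNS server on the labelled line and any further
# servers on indented continuation lines containing only an address.
DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
CONT_LINE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_dns_servers(ipconfig_text):
    """Return the list of DNS server addresses configured on every adapter."""
    servers = []
    in_dns_block = False
    for line in ipconfig_text.splitlines():
        m = DNS_LINE.match(line)
        if m:
            servers.append(m.group(1))
            in_dns_block = True
            continue
        if in_dns_block:
            c = CONT_LINE.match(line)
            if c:
                servers.append(c.group(1))
                continue
            in_dns_block = False
    return servers


def flag_rogue_servers(servers, rogue_ranges=ROGUE_DNS_RANGES):
    """Return the configured servers that fall inside any rogue range."""
    flagged = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            continue  # skip malformed or non-IP tokens
        if any(addr in net for net in rogue_ranges):
            flagged.append(s)
    return flagged


def suspicious_hosts_entries(hosts_text):
    """Return (address, hostname) pairs that map a name to a non-loopback address.

    A stock hosts file only maps localhost to loopback, so anything else is worth review.
    """
    suspicious = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        if not addr.is_loopback:
            suspicious.extend((parts[0], name) for name in parts[1:])
    return suspicious


def triage(ipconfig_text, hosts_text):
    """Combine both checks into one report dict."""
    servers = parse_dns_servers(ipconfig_text)
    return {
        "dns_servers": servers,
        "rogue_dns_servers": flag_rogue_servers(servers),
        "hosts_overrides": suspicious_hosts_entries(hosts_text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_IPCONFIG, SAMPLE_HOSTS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A hit in `rogue_dns_servers` is the condition the DCWG test is designed to detect; a non-loopback hosts entry is not proof of infection (administrators add such lines deliberately), but it is the first thing to review when a machine reaches the wrong copy of a site. Cleaning the DNS settings without removing the malware is not enough, which is why the article sends you to a removal tool next.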

What if your computer is infected?

I just encountered a case of the DNS rogue software on a computer that was being used by one of our local businesses. In an effort to ensure compatibility with its older software, the owners (at the time of purchase) had opted to have Windows XP installed. They had feared that changing operating systems would create havoc with their existing inventory control software. Unfortunately for them, they were not aware that they could have stayed with Windows 7 and merely run their software under the system’s free XP Mode.

When they began having issues with their system, I advised them to check the DCWG website and run a scan of their system and, sure enough, they had fallen victim to this malware.

If you believe that you may also be a victim, the directions for how to remove the infection are easy to follow and clearly explained on the DCWG website. For the owners of the above business, I provided a copy of the McAfee Stinger software that I had saved to a USB drive. This program easily removed the infection. If you don’t wish to use this particular program, there are additional software listings on the website that are also successful in removing the rogue software. I chose McAfee Stinger because, in the past, I have found it to work best for me. For best results — or if you have issues using the normal mode — when running the removal software, you may want to run it through safe mode.

Comments welcome.

Source: FBI


Article Written by

My career has included owning and operating my own computer repair business as well as teaching at the local community college -- both of which were located in Tuolumne County, California. During this time I was fortunate to have contracts with the city of Sonora and several established real estate firms.

I have been writing for LockerGnome since relocating to Missouri six years ago, where I continue to be a technology enthusiast who enjoys playing with the newest and latest gadgets.

Comments

  1. Ran the test. Phew, checks out green!

  2. Kyle Polansky says:

    I wonder if this would affect the DNS servers that I host myself, or is this more of a hosts file change?

    1. SanyaIVLitvyak says:

      I haven’t read a complete summary of the malware; however, I’d imagine they changed the DNS servers to their own servers that had false data. This would be more practical, since hosts files are not completely reliable and are sometimes locked, making it harder for the malware to actually infect the hosts file. Mostly because the FBI had to run the rogue servers themselves and change the bad data to true data, which points to a DNS server change in Windows. Isn’t there also, like, a registry entry that could disable the change of the DNS servers? If I made the malware I’d make sure I used that too, since the average user doesn’t know what the registry is.

      Rant:
      Hah, that reminds me of that one time where a malware disabled my cmd, regedit, task manager, and basically all administrator tools. My anti-virus caught it, though after the changes were made, so I had to run third-party registry cleaning apps since that AV sucked. No names, but that AV was one of the worst resource-hogging, false-positive-ridden, barely working AVs ever.

  3. Nah, my net ain’t going out. I’m not running Windows. :D

  4. I ran the checks on all the pages of which I could understand the language (Dutch/English/German), but aren’t they all the same?