Rahul Singh's Blog

Tag: phishing

DNSChanger Trojan

by on Jul.08, 2012, under My views

There have been a lot of over-hyped reactions to the “DNSChanger trojan”, especially among non-techies who don’t even have any idea what DNS is.

What is DNS?
DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. When you enter a domain name, such as www.askrahul.com, in your web browser address bar, your computer contacts DNS servers to determine the IP address for the website. Your computer then uses this IP address to locate and connect to the website. DNS servers are operated by your Internet service provider (ISP) and are included in your computer’s network configuration. DNS and DNS Servers are a critical component of your computer’s operating environment—without them, you would not be able to access websites, send e-mail, or use any other Internet services.

Why attack DNS?
Criminals have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website, or can interfere with that user’s web browsing. One way criminals do this is by infecting computers with a class of malicious software (malware) called DNSChanger. In this scenario, the criminal uses the malware to change the user’s DNS server settings, replacing the ISP’s good DNS servers with bad DNS servers operated by the criminal. A bad DNS server operated by a criminal is referred to as a rogue DNS server. From then on, the criminals decide which server you actually reach for any website you visit, so you may be trapped by a phishing page that saves your passwords.

What Does DNSChanger Do to My Computer?
DNSChanger malware causes a computer to use rogue DNS servers in one of two ways. First, it changes the computer’s DNS server settings to replace the ISP’s good DNS servers with rogue DNS servers operated by the criminal. Second, it attempts to access devices on the victim’s small office/home office (SOHO) network that run a Dynamic Host Configuration Protocol (DHCP) server (e.g., a router or home gateway). The malware attempts to access these devices using common default usernames and passwords and, if successful, changes the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals. This change may affect all computers on the SOHO network, even those that are not infected with the malware.
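
An added example, not from the original post: a local check of the two places described above, the computer's own resolver settings and the DNS servers configured on the router. The rogue ranges are RFC 5737 placeholders rather than real DNSChanger ranges, and the expected resolvers, the resolv.conf text and the router values are constructed assumptions.

```python
import ipaddress

# Placeholder rogue ranges (RFC 5737 documentation blocks), NOT real DNSChanger
# ranges: substitute the list published in the official removal guidance.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/25")]
# Resolvers the ISP is expected to hand out (constructed sample values).
EXPECTED = {ipaddress.ip_address(a) for a in ("10.0.0.53", "10.0.1.53")}

# Constructed samples: the PC's resolv.conf and the DNS servers read from the
# router's DHCP settings page.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 10.0.0.53   ; ISP resolver
nameserver 10.9.9.9
"""
SAMPLE_ROUTER_DNS = ["203.0.113.9", "10.0.1.53"]

def parse_nameservers(text):
    """Return nameserver entries from resolv.conf-style text, in file order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server):
    """Label one resolver: 'rogue', 'expected', 'unexpected' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if any(addr.version == net.version and addr in net for net in ROGUE_RANGES):
        return "rogue"
    return "expected" if addr in EXPECTED else "unexpected"

def audit(sources):
    """Map each source label (host, router) to {server: verdict}."""
    return {label: {s: classify(s) for s in servers} for label, servers in sources.items()}

def needs_attention(findings):
    """Source labels with at least one resolver that is not an expected one."""
    return sorted(l for l, r in findings.items() if any(v != "expected" for v in r.values()))

if __name__ == "__main__":
    report = audit({"host": parse_nameservers(SAMPLE_RESOLV_CONF), "router": SAMPLE_ROUTER_DNS})
    for label, verdicts in report.items():
        print(label, verdicts)
    print("check:", needs_attention(report))
```

An "unexpected" verdict is not proof of infection; it only means the resolver is neither the ISP's nor on the rogue list and should be explained.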

How to check for the virus?
Double-checking for the malware only takes a minute. Here’s how to do it:
The Canadian Internet Registration Authority (CIRA) has done much of the legwork for you by setting up an online screening system for your computer.
Visit the website www.dns-ok.ca/ and click on a link agreeing to run your computer through the DNSChanger malware checker. The page should refresh and show you either a green or red banner, with a message stating whether DNSChanger has been detected.

If it’s green, you’re in the clear. If the banner is red and a message confirms the virus has been detected, you can go to one of several websites set up to help inform the public about the virus and the related FBI operation for further instructions on how to remove it:

  • FBI
  • DNSChanger Working Group
  • Public Safety Canada

If your PC is among this lot, your connection with the Internet will be snapped when the FBI sleuths begin a clean-up act on Monday morning. Your PC might pop up a message: “Failed to resolve your request”. That’s it :)


Curiosity made me do so ! PART – 2

by on Aug.01, 2010, under Life Experiences

Social networking sites were of great curiosity to me in the beginning, when I joined way back in 2004. I had joined college and got an invite from a friend to join orkut.

I joined it and found it to be very interesting. Initially, especially for the first 2-3 months, I used to spend a lot of time on orkut, exploring all of its features. I joined many communities. The communities grew from a thousand to thousands to a lakh.

Seeing the size of the communities on orkut inspired the thought, “What if I have this community?” In late 2005 I started working on a technique for getting the communities. I came up with an easy solution –> phishing. It's illegal, I know. Orkut security was quite weak back then (no mods, no notification on community transfer, etc.).

From the end of 2005 through 2006, around 1000 communities were hacked :P, not to mention the thousands of profile credentials. The technique I used was spreading like a virus. There was strong action taken by orkut and I did lose many communities but managed to retain back till now :) By the end of 2006 I stopped doing this as there could be a lot of legal issues arising.

What I did was just 1%. There were gurus who used nukes, DB injection, etc. to hack communities. I never did R&D on this and left it, as the communities did not mean so much after all.

I was right back then, Orkut is dead. People have migrated to FB as I had predicted in 2007.
