Hundreds of thousands may lose Internet in July
WASHINGTON (AP) -- For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections after early July.
snip
The FBI is encouraging users to visit a website run by a security partner that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.
To check and clean computers, try: www.dcwg.org
htuttle
(23,738 posts)I find one article about this on USA Today. Everything else is promo from this DCWG.
If this is real, the FBI went about dealing with it the wrong way. At this point, I wouldn't touch it with a 10 foot pole with a Windows NT CD tied to the end.
highplainsdem
(48,993 posts)That page on the FBI site also has the same list of DNSChanger Check-Up sites that the DCWG site has at
http://www.dcwg.org/detect/
I've checked both the dns-ok.us and the dns-ok.ca sites, and my computer is clean. You're not going to get malware from this check.
ananda
(28,865 posts)nt
freshwest
(53,661 posts)I went through mine, with the Comcast instructions, to check my DNS connections. My computer is clean, maybe because DNS was not enabled. I noted the grayed out numbers in the DNS window did not match the problem list, either.
Definitely not a scam since my ISP knows about it and has established a protocol for it. But they said they will not do an invasive test to determine anything about my computer, just to run through the instructions myself, instead.
Said they would notify by mail or email only if they received messages from the modem back to them if anything happened. I don't know if not having DNS enabled protected my computer from this or not. If they ever got that from my modem, they would give me instructions how to reset the modem and stop the problem.
So I did not do a malware test from the website. The FBI and other site directed me to my ISP without doing their test, and I think others can get this done without being exposed to the website's testing if they are worried.
I appreciate that Comcast said they were unwilling to do an invasive test; they only take in data sent back to them, from modem itself. If there was an infection, they would have noted the data streaming from my computer but only at the point of the modem.
I only have security updates from my computer working to prevent infections along with secure settings. My browser is also set to reject many things, giving me messages such as 'site is trying to check your keystrokes,' etc. kind of warnings which it gives the option to cut them off.
Thanks for the thread.
geckosfeet
(9,644 posts)
rhett o rick
(55,981 posts)they would just have to issue free copies of Angry Birds.
geckosfeet
(9,644 posts)
rhett o rick
(55,981 posts)
Angry Dragon
(36,693 posts)
htuttle
(23,738 posts)The page says it was updated about 8 hours ago. Wonder how hard it would be to hack USA Today and put an article up? lol...
pinboy3niner
(53,339 posts)The AP report also is appearing on many mainstream media sites including WaPo and network news orgs.
YellowRubberDuckie
(19,736 posts)...and it would be all over the news. DO NOT DO IT!
dems_rightnow
(1,956 posts)
YellowRubberDuckie
(19,736 posts)
NightWatcher
(39,343 posts)Sounds kinda fishy
piratefish08
(3,133 posts)
Oilwellian
(12,647 posts)Linky?
rucky
(35,211 posts)
Sea-Dog
(247 posts)
wandy
(3,539 posts)You can go directly to an FBI site here....
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS
To get your DNS server from Win XP do...
Start -> Run then enter cmd
In the DOS box enter
ipconfig /all
You may see two entries for DNS Servers
Enter the IP address that is not your gateway on the FBI site.
FarCenter
(19,429 posts)Trojan:BAT/Dnschanger.B changes the computer's DNS server to 188.210.236.250 for the following default Internet connection names:
LAN
LAN 1
LAN 2
Local Area Connection
Local Area Connection 1
Local Area Connection 2
WAN
WAN 1
WAN 2
Wireless Network Connection
Wireless Network Connection 1
Wireless Network Connection 2
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:BAT/Dnschanger.B
If you are using an up to date security package, it should detect and remove this one.
PS -- the address is in Romania. Why would a country's border firewalls allow DNS traffic to other countries except between top level DNS servers?
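The manual check from the two posts above can be scripted. This is an added example, not part of the thread: it parses `ipconfig /all` output and reports any adapter whose DNS server is the 188.210.236.250 address quoted from Microsoft's entry. The sample output is constructed, and the function names are assumptions.

```python
import re

# The one resolver address this thread quotes from Microsoft's entry for
# Trojan:BAT/Dnschanger.B; extend the set with addresses from your own sources.
ROGUE_DNS = {"188.210.236.250"}

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.20
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 188.210.236.250
                                            192.168.1.1

Ethernet adapter Wireless Network Connection:

        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def dns_servers(text):
    """Map each adapter name to the DNS servers listed under it."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        header = re.match(r"^\S.*adapter (.+):\s*$", line)
        if header:                      # e.g. "Ethernet adapter LAN:"
            adapter, in_dns = header.group(1), False
            servers[adapter] = []
            continue
        # A field line is "Label . . . : value"; the label never contains ':'.
        field = re.match(r"^\s+([A-Za-z][^:]*?)[ .]+:\s*(.*)$", line)
        if field:
            in_dns = field.group(1) == "DNS Servers"
            value = field.group(2).strip()
        else:                           # continuation line: a second DNS server
            value = line.strip()
        if in_dns and adapter and value:
            servers[adapter].append(value)
    return servers

def rogue_findings(text, rogue=ROGUE_DNS):
    """Return (adapter, address) pairs whose DNS server is on the rogue list."""
    return [(name, addr) for name, addrs in dns_servers(text).items()
            for addr in addrs if addr in rogue]

if __name__ == "__main__":
    for name, addr in rogue_findings(SAMPLE):
        print(f"{name}: DNS server {addr} matches the DNSChanger address")
```

On a real machine, pass the captured text of `ipconfig /all` to `rogue_findings` in place of `SAMPLE`.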
wandy
(3,539 posts)I remember from long long ago that part of the Norton package could pinpoint IP addresses. Is there something that does that today other than Norton?
Just as an aside. After the fall of the Soviet Union a number of Eastern Bloc countries became very active in creating software.
A notable example would be iL2. Game, sure, but one of the best flight simulators ever.
It would seem only natural that a bunch of malware also comes from these places.
Not impossible that Romania has a few top level DNS servers they don't officially know about.
FarCenter
(19,429 posts)This will tell you that the address range is allocated to RIPE in The Netherlands.
https://apps.db.ripe.net/search/query.html
This will tell you that the address is in a class C allocated to someone in Bucharest.
I think that Bulgaria and Ukraine are somewhat more notorious for malware writing.
wandy
(3,539 posts)
htuttle
(23,738 posts)Or go there yourself and search for 'DCWG'.
As I said up above, if this is real, the FBI is being really stupid about dealing with it. Going to a site to have your computer checked for malware is usually how malware gets ONTO your computer.
KharmaTrain
(31,706 posts)I saw this the other day and was very suspect of the site. I did my own internal search to see if the rogue file was in my machines and came up with nada...also double-checked to see if that name had been entered into my spyware (it had). I'm very dubious about downloading any file onto my machine unless I know it's from a known entity.
wandy
(3,539 posts)a popular trick for malware providers.
Going to the FBI site and entering the DNS Server IP is like filling out a form.
Pretty much like entering a post here at DU.
About as safe as you can get.
SidDithers
(44,228 posts)In early November, authorities in Estonia arrested six men suspected of using the Trojan to control more than four million computers in over 100 countries including an estimated 500,000 in the United States. Investigators timed the arrests with a coordinated attack on the malware's infrastructure. The two-pronged attack was intended to prevent miscreants from continuing to control the network of hacked PCs, and to give Internet service providers an opportunity to alert customers with infected machines.
snip
Tom Grasso Jr., an FBI supervisory agent at the National Cyber Forensics & Training Alliance in Pittsburgh, Pa., said the DNSChanger Working Group, the industry and law enforcement coalition that's handling the remediation, has been discussing what to do about the upcoming deadline, but he declined to offer specifics.
snip
Individuals in charge of a large network can learn if any systems are infected with DNSChanger by sending a request to one of the members of the DNS Changer Working Group (www.dcwg.org). Home users can avail themselves of step-by-step instructions at this link to learn of possible DNSChanger infections.
Sid
tjwash
(8,219 posts)Are you fucking serious?
vanlassie
(5,675 posts)Listen to yesterday's Democracy Now. It will sicken you.
Rex
(65,616 posts)
Union Scribe
(7,099 posts)It took all of 1 second and didn't do anything at all to my hard drive. It isn't a malware checker. If anyone is still paranoid, here's an article by the guy who made the site: http://www.circleid.com/posts/20120327_dns_changer/