What is DNS Changer Malware?
On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital”, and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses.
What is the situation now?
Here is a word cloud based on the infection count. The bigger the word, the higher the infection count in that country.
Here is the latest list of countries and infection counts for DNS Changer Malware for Monday, June 11th:
- US-69517
- Italy-26494
- India-21302
- UK-19589
- Germany-18427
- France-10454
- China-10304
- Spain-10213
- Canada-8924
- Australia-8518
- Mexico-7054
- Argentina-6078
- Brazil-6074
- Japan-5867
- Poland-4916
- Russian Federation-4383
- Hungary-4021
- Turkey-3884
- Thailand-2941
- Czech Republic-2134
- Chile-2004
- Greece-1886
- Netherlands-1733
- Belgium-1721
- Pakistan-1682
What does the DNS Changer Malware do?
The botnet operated by Rove Digital altered users' DNS settings, pointing victims to malicious DNS servers in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches and promoting fake and dangerous products. Because every web search starts with a DNS lookup, the malware showed users an altered version of the Internet. It may also track your keystrokes for bank accounts or other website accounts, but it is unknown what else this malware will do.
How to check for the infection?
An industry-wide team has developed easy “are you infected” web sites. They are a quick way to determine if you are infected with DNS Changer.
No software is downloaded! The tools do not need to load any software on your computer to perform the check.
No changes are performed on your computer! Nothing is changed on your computer when you use this site.
If this site shows the following green signal, then you are secure from DNS Changer Malware.
How to do it manually?
1. Open a Command Prompt
Start->Run->Type cmd.exe->Enter
2. Type ipconfig /all, then press Enter
3. In the output that follows, look for “DNS Servers......”. There will be two series of numbers in the format xxx.xxx.xxx.xxx, where “xxx” is a number in the range 0 to 255. Note down the two series.
4. Next, check whether your DNS server is a rogue DNS server. These are the rogue DNS servers:
- 85.255.(112-127).(0-255)
- 67.210.(0-15).(0-255)
- 93.188.(160-167).(0-255)
- 77.67.83.(0-255)
- 213.109.(64-79).(0-255)
- 64.28.(176-191).(0-255)
Note: 77.67.83.(0-255) means 77.67.83.0, 77.67.83.1, 77.67.83.2 ... 77.67.83.255.
So let’s start the comparison. Treat each DNS server as a group of 4 numbers separated by dots ("."). Take the first number from your DNS server. Check whether it is the first number of one of the above DNS servers, i.e. 85, 67, 93, 77, 213 or 64. If not, don’t worry, you are secure. If it is, take the second number and check whether it is the second number of that same DNS server entry. If that also matches, take the third number and check whether it is in the range provided. If that matches too, then you have bad luck: you are infected by DNS Changer Malware.
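The comparison in steps 3 and 4, as an added example that is not part of the original post: it pulls the DNS servers out of `ipconfig /all` output and tests each one against the rogue ranges written as CIDR blocks. The sample output is constructed, and the function names and the English-language `ipconfig` labels are assumptions of this example.

```python
import ipaddress

# The six rogue ranges from the list above as CIDR blocks, e.g.
# 85.255.(112-127).x is 85.255.112.0/20 (last octet taken as 0-255).
ROGUE_NETWORKS = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

def _ipv4(text):
    """Return an IPv4Address, or None for IPv6 or non-address text."""
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Extract IPv4 DNS servers from `ipconfig /all` output.

    The first server follows the "DNS Servers" label; any further
    servers sit alone on the following lines with no label.
    """
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        stripped = line.strip()
        if "DNS Servers" in line:
            in_block = True
            value = line.partition(":")[2].strip()
        elif in_block and stripped and " " not in stripped:
            value = stripped          # unlabelled continuation line
        else:
            in_block = False          # next labelled line or blank line
            continue
        ip = _ipv4(value)
        if ip is not None:
            servers.append(ip)
    return servers

def rogue_servers(ipconfig_text):
    """Return the configured DNS servers that fall in a rogue range."""
    return [str(ip) for ip in dns_servers(ipconfig_text)
            if any(ip in net for net in ROGUE_NETWORKS)]

# Constructed sample output (not captured from a real machine).
SAMPLE = """\
   DNS Servers . . . . . . . . . . . : 85.255.114.13
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
print(rogue_servers(SAMPLE) or "No rogue DNS servers configured")
```

Matching the whole block matters: an address such as 85.255.128.1 shares its first two numbers with a rogue range but is outside it, so the third number has to be checked as well.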
How to Fix it?
These are the best known Malware Fixing tools,
Alternatively you can also use a good updated antivirus such as Nod32 EAV or Nod32 ESS.
I will help you to use one of these tools, KasperskyLabs TDSSKiller, which is free to download, small (2.01 MB) in size and easy to use.
1. First download KasperskyLabs TDSSKiller from here
2. Extract the Zip file and Open TDSSKiller.exe.
3. After initialization Click on Start Scan
4. After scanning is completed, if you find any “high risk” threats you should delete them.
How can you protect yourself from DNS Changer (and other Malware)?
Prevention is better than Cure. Use the core recommendations to protect yourself from malware like DNS Changer. In today’s environment, this malware’s goal is to victimize you, your computers (everyone in your family and/or organization), and the people around you. It is important to stay vigilant – protecting yourself.
- Backup your files to a portable device as soon as possible
- Keep Your Firewall Turned On
- Install or Update Your Antivirus Software
- Install or Update Your Antispyware Technology
- Keep Your Operating System Up to Date
- Be Careful What You Download
- Turn Off Your Computer and Disconnect Your Internet Connection After Use. Don’t leave it idle.
Conclusion
Be aware of what you do on your computer and on the internet. Don’t expect more than what you desire. Don’t follow free offerings on the internet; you will never get anything from them except spam mails and messages. Be careful with every click. Think before you do, google before you think.