A major Trojan Horse is lurking – coming soon to a computer near you

Many of you may have heard about the Trojan horse called “DNSChanger” which is set to activate on March 9th. Hopefully – you have already taken action to remove it.

The good news is that the FBI has already shut down the people behind this and seized their servers. The bad news is that when the FBI shuts down the seized servers you may lose your Internet connection, or worse, be infected if the FBI missed any servers.

Over 450,000 computers – including half of the Fortune 500 companies and over 50% of government entities – are still infected with the DNSChanger malware. DNSChanger is a Trojan horse that changes the DNS settings on computers and routers to send users to malicious sites, which then steal personal information and generate illegal ad revenue for the scammers. In November 2011, the FBI took over the botnet’s rogue servers and replaced them; however, on March 8th the FBI will be shutting down the servers it put up to replace the rogue ones.

Today we are going to discuss the DNSChanger Trojan, its impact on Internet users, the biggest challenge for the FBI in resolving it, and how users can check and restore their computers. Hopefully you will share this article with your friends, family and followers.

First, let’s examine what DNS (Domain Name System) is. DNS is an Internet service that converts user-friendly domain names into the numerical Internet Protocol (IP) addresses that computers use to talk to each other. You can think of it like a phone book: DNS cross-references user-friendly names. When you enter a domain name, such as http://www.ravenit.com, in your web browser address bar, your computer contacts a DNS server to determine the IP address for the website. Your computer then uses this IP address to locate and connect to the website. DNS servers are operated by your Internet service provider (ISP) and are included in your computer’s network configuration. DNS and DNS servers are a critical component of your computer’s operating environment; without them, you would not be able to access websites, send e-mail, or use any other Internet services.

What is DNSChanger? DNSChanger is a small Trojan horse, a file of about 1.5 kilobytes, that changes the infected system’s Domain Name System (DNS) settings in order to divert traffic to unsolicited and potentially illegal sites. It is designed to change the ‘NameServer’ Registry key value to a custom IP address. This IP address is usually encrypted in the body of the trojan.

The DNSChanger malware was first discovered around 2007, and since then it has infected millions of computers, around 500,000 of them in the U.S. Through these computers the criminals have reportedly pulled in around $14 million in stolen funds. The FBI has uncovered a network of rogue DNS servers and has taken steps to disable it. The FBI is also undertaking an effort to identify and notify victims who have been impacted by the DNSChanger malware.

Windows and MacOS users as well as smartphone users are at risk for this infection because it exploits your browser, not your operating system. Here are some known hostile IP address ranges used by the DNSChanger malware:

64.28.176.1 – 64.28.191.254
67.210.0.1 – 67.210.15.254
77.67.83.1 – 77.67.83.254
85.255.112.1 – 85.255.127.254
93.188.160.1 – 93.188.167.254
213.109.64.1 – 213.109.79.254

Check your IP settings to verify that your DNS settings are not within the above ranges. If they are, contact your ISP to find out what your DNS settings should be and change them immediately. As mentioned above, the FBI plans to shut down the DNS servers in these ranges, and if your computer uses one of the above DNS IP addresses, you will not have access to the Internet.
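The check described above can be scripted. The following is an added example, not part of the original article: it pulls IPv4 addresses out of resolver configuration text (a `resolv.conf`-style file, or the comma- or space-separated ‘NameServer’ Registry value) and tests each one against the ranges listed above. The function names and the sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Rogue resolver ranges copied from the list in this article,
# as inclusive (first, last) address pairs.
ROGUE_RANGES = [
    ("64.28.176.1", "64.28.191.254"),
    ("67.210.0.1", "67.210.15.254"),
    ("77.67.83.1", "77.67.83.254"),
    ("85.255.112.1", "85.255.127.254"),
    ("93.188.160.1", "93.188.167.254"),
    ("213.109.64.1", "213.109.79.254"),
]
_BOUNDS = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b))
           for a, b in ROGUE_RANGES]
# Dotted quads not glued to further digits or dots (rejects 1.2.3.4.5).
_IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def extract_resolvers(text):
    """Return the unique valid IPv4 addresses in resolver config text."""
    found = []
    for candidate in _IPV4.findall(text):
        try:
            addr = ipaddress.IPv4Address(candidate)
        except ipaddress.AddressValueError:
            continue  # e.g. an octet above 255
        if addr not in found:
            found.append(addr)
    return found

def rogue_range_for(addr):
    """Return the matching rogue range as text, or None if addr is outside all."""
    addr = ipaddress.IPv4Address(addr)
    for first, last in _BOUNDS:
        if first <= addr <= last:
            return f"{first} - {last}"
    return None

def audit(text):
    """Map each resolver found in text to its rogue range (None = not listed)."""
    return {str(a): rogue_range_for(a) for a in extract_resolvers(text)}

# Constructed sample inputs (documentation addresses stand in for clean resolvers).
SAMPLE_RESOLV_CONF = "nameserver 85.255.112.36\nnameserver 192.0.2.53\n"
SAMPLE_NAMESERVER_VALUE = "93.188.167.254,198.51.100.7"

if __name__ == "__main__":
    for text in (SAMPLE_RESOLV_CONF, SAMPLE_NAMESERVER_VALUE):
        for ip, hit in audit(text).items():
            print(ip, "ROGUE, in " + hit if hit else "not in the listed ranges")
```

Run it against the resolver settings of the router as well as the computer, since the malware changes DNS settings on both.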

After the takedown of the DNSChanger botnet in November 2011, the FBI obtained a court order allowing it to set up a temporary DNSChanger Command & Control network. The court order expires on March 8th, 2012. Unless the FBI obtains a new court order allowing it to continue operating the temporary network, the network will be turned off, resulting in millions of computers worldwide no longer being able to access the Internet.

According to the FBI, it is quite possible that computers infected with this malware may also be infected with other malware. The establishment of these clean DNS servers does not guarantee that the computers are safe from other malware. The main intent is to ensure users do not lose DNS service.

How can you check manually whether your system is infected? The best way to determine if your computer has been affected by DNSChanger is to have it evaluated by a computer professional. If not, you can use this IP Tool:

Enter your DNS IP address in the “Reverse DNS Lookup” mid-way down the page in the left column and click go. Your result should be a known domain, like your ISP.

If you would like, we provide a Free Technical Assessment; this can be beneficial to new and startup companies that are not sure where to start.


About Barry Bestpitch

Barry Bestpitch has helped a wide range of businesses launch, re-brand, and flourish. Barry has worked in various business development, marketing and executive staff positions, and he is experienced in all media and in small and large scale marketing. He is strong at writing business plans and proposals as well as aiding with your funding search. Barry has acted as a coach and mentor to many business owners and executives.


4 Comments on “A major Trojan Horse is lurking – coming soon to a computer near you”

  1. Myles Says:

    It’s actually a nice and helpful piece of info. I’m happy that you just shared this useful information with us.
    Please keep us informed like this. Thank you for sharing.


Trackbacks/Pingbacks

  1. Check Your DNS Settings Now! Combat DNSChanger! « Pondering Technology - February 25, 2012

    […] A major Trojan Horse is lurking – coming soon to a computer near you (ravenit.com) […]

  2. March 8, 2012: The Internet Doomsday Effect on India | Murali - March 6, 2012

    […] A major Trojan Horse is lurking – coming soon to a computer near you (ravenit.com) […]

  3. Let the hacking begin… | Raven Cloud Computing Blog - July 5, 2012

    […] you will recall (Our article “A major Trojan Horse is lurking – coming soon to a computer near you” dated February 23, 2012 THIS ARTICLE IS A MUST READ – IT HAS IMPORTANT INFORMATION […]
