The FBI Might Cut Off the Internet For Millions of People on March 8th
Heads up...
In an unprecedented move, the FBI may cut off Internet access to millions of people on March 8th to try to rid the country of a Trojan. Millions of computers are infected worldwidemaybe even yours.
The DNSChanger Trojan originated in Estonia and might be lurking undetected on as many as a half-million computers in the United States, according to Brian Krebs. It has been found on the computers at half of all Fortune 500 companies and at 27 government agencies. The Trojan changes an infected computer's DNS settings to send users to fraudulent websites. What's more, the worm is particularly malicious in that it also prevents you from visiting security websites that might diagnose or fix the problem. While the men authorities suspect are behind the Trojan have been arrested, the Feds, working in concert with the Estonian government, have yet to put the final kill on the worm's botnet.
That's where the Internet shutdown comes in. The FBI has a court order allowing it to set up temporary replacement DNS servers so that those with infected computers or networks can get the worm off of their systems. The court order, however, expires on March 8th. Unless that order gets extended, anybody who hasn't cleaned up their act before it expires, might get cut off from the Internet altogether.
http://gizmodo.com/5885716/the-fbi-might-cut-off-the-internet-for-millions-of-people-on-march-8th
elifino
(366 posts)Do a Google search for AviraDNSRepairEN or use the link.
Link http://avira-dns-repair.en.malavida.com/
Download and run.
Do a Google search for cleantdss or use the link.
Link http://avira-dns-repair.en.malavida.com/
This should remove the probable carrier of the virus.
Down load and run scan(DO NOT RUN DOWNLOAD ANTIVIRUS IF YOU HAVE ANOTHER ANTI-VIRUS PROGRAM).
Both are free
hobbit709
(41,694 posts)i knew I was clean but I ran the Avira deal anyway.
RC
(25,592 posts)If this Trojan is lurking undetected on as many as a half-million, or whatever computers in the United States, how does the FBI know which computers to shut down the Internet to, if it is undetected?
The story sounds like bullshit to me. Yes, I know the DNSChanger Trojan is real, but really now.
Syrinx
(14,804 posts)The FBI isn't going to intentionally cut any computers off from the internet.
I had not heard of this before, but evidently, some time ago they replaced a number of DNS servers, that were known to be compromised, with replacements. The court order that allowed them to do this expires on March 8th. So if your ISP was one of the companies infected, come that date, your computer will not be able to translate domain names into numerical addresses. Unless you use another dns server.
That's just my understanding, and I could be wrong.
EDIT: 216.158.28.196 That's DU's address. Jot it down, just in case.
ChromeFoundry
(3,270 posts)I have never seen an ISP outperform any of the Open DNS servers.
I usually have my router setup to forward requests to OpenDNS as the primary and Google Public DNS or another as the secondary.
208.67.220.220 - OpenDNS
8.8.8.8 - Google Public DNS
My clients get configured to use the default gateway address as their primary DNS server - 192.168.1.1
The requests from the entire network get forwarded to one of the two addresses, and the router caches the results for the proper TTL (time to live) defined.
The only time I ever had a problem was when OpenDNS had a problem with resolving "mail.google.com" for 5 hours.
The work around was to switch my routers primary DNS server address to 8.8.4.4 until OpenDNS corrected their problem.
I really think there is a much better way to orchestrate fixing a few corrupt DNS servers.
Earth Bound Misfit
(3,554 posts)Syrinx
(14,804 posts)But I would guess that most people do use their ISP's DNS server.
ChromeFoundry
(3,270 posts)I think you should probably download DNS Benchmark and determine if your ISP is a wise choice for you, and if you really want your ISP determining what addresses you are able to resolve.
http://www.grc.com/dns/benchmark.htm
Syrinx
(14,804 posts)I was talking about what most people probably do. But thanks for the link, I will check it out.
truedelphi
(32,324 posts)Earth Bound Misfit
(3,554 posts)I found this @ sevenforums.com: http://www.sevenforums.com/security-news/214628-bad-dns-servers-shut-down.html
...check your DNS server for these bad boys
go to an elevated command prompt and type
ipconfig/all
Between this IP... ... and this IP
77.67.83.1... ... 77.67.83.254
85.255.112.1... ... 85.255.127.254
67.210.0.1... ... 67.210.15.254
93.188.160.1... ... 93.188.167.254
213.109.64.1... ... 213.109.79.254
64.28.176.1... ... 64.28.191.254
Dunno where the OP got those #'s from & posted an inquiry there.
Earth Bound Misfit
(3,554 posts)The DCWG is an ad hoc group of subject matter experts, and includes members from organizations such as Georgia Tech, Internet Systems Consortium, Mandiant, National Cyber-Forensics and Training Alliance, Neustar, Spamhaus, Team Cymru, Trend Micro, and the University of Alabama at Birmingham.
DNS Checkup instrux: http://www.dcwg.org/checkup.html
http://www.dcwg.org/checkup2.html
bananas
(27,509 posts)the Trojan makes infected PC's use a fake DNS server at a certain IP address.
the FBI put a real DNS server at that IP address.
now there won't be any DNS server at that IP address.
so infected computers will try to use the DNS server at that IP address and get no answer because there won't be a server at that IP address.