The Internet will shut down for millions of users as early as March 8 because of a malicious computer script called the DNSChanger Trojan that has corrupted computers in more than 100 countries.
Note: This doesn't mean that everyone's Internet will go dark. Only infected systems will lose Internet access, because those systems rely on rogue DNS servers!
The FBI has shut down the DNSChanger network and put up surrogate servers, but warned that the solution is only temporary: the court-ordered deadline is March 8. The FBI obtained a court order allowing it to replace the rogue DNS servers with legitimate stand-ins so that the infected computers wouldn't be cut off without warning, giving it time to get the word out.
DNS (Domain Name System) is a system that converts human-readable domain names, such as www.google.com, into machine-readable (numerical) addresses. Without DNS and the DNS servers, computer users would not be able to surf websites or send e-mail.
Criminals have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website or can interfere with that user’s online web browsing. To do this, criminals created a malicious computer script called the DNSChanger.
DNSChanger was used to redirect unsuspecting users to rogue servers controlled by the cyber thieves, allowing them to manipulate users’ web activity. When users of infected computers clicked on the link for the official website of iTunes, for example, they were instead taken to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software. Not only did the cyber thieves make money from these schemes, they deprived legitimate website operators and advertisers of substantial revenue.
The six cyber criminals were taken into custody yesterday in Estonia by local authorities, and the U.S. will seek to extradite them. In conjunction with the arrests, U.S. authorities seized computers and rogue DNS servers at various locations. As part of a federal court order, the rogue DNS servers have been replaced with legitimate servers in the hopes that users who were infected will not have their Internet access disrupted.
It is important to note that the replacement servers will not remove the DNSChanger malware—or other viruses it may have facilitated—from infected computers.
Are you Infected? Check Here!
To check if your computer has been affected by DNSChanger, follow the steps below:
- Open the command prompt: click START > RUN, type cmd and hit Enter
- At the command prompt, enter ipconfig /all
- Look for the entry named “DNS Servers……….”
Now note the IP addresses listed for the DNS servers and compare them to the table of known rogue DNS servers below:
Rogue DNS Servers
184.108.40.206 through 220.127.116.11
18.104.22.168 through 22.214.171.124
126.96.36.199 through 188.8.131.52
184.108.40.206 through 220.127.116.11
18.104.22.168 through 22.214.171.124
126.96.36.199 through 188.8.131.52
To make the comparison between the computer’s DNS servers and this table easier, start by comparing the first number before the first dot. For example, if your DNS servers do not start with 85, 67, 93, 77, 213, or 64, you can move on to the next step. If your servers start with any of those numbers, continue the comparison.
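The manual comparison above can be automated. This is an added example, not part of the original post: it pulls every address from the "DNS Servers" entry of `ipconfig /all` output, including the indented continuation lines, and tests each against full start/end ranges instead of only the first number. The ranges are placeholder documentation addresses to be replaced with the rogue ranges from the table, and the sample output, function names and constants are constructed for illustration.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation addresses), NOT the real rogue
# ranges: substitute the start/end pairs from the table of rogue servers.
ROGUE_RANGES = [("192.0.2.0", "192.0.2.255"), ("198.51.100.16", "198.51.100.31")]

# Constructed sample of `ipconfig /all` output, not captured from a real host.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.20
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def dns_servers(ipconfig_text):
    """Return every address listed under a 'DNS Servers' entry."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9a-fA-F:.%]+", line):
            servers.append(line.strip())  # continuation line: another server
        else:
            in_dns = False
    return servers


def in_rogue_range(addr, ranges=ROGUE_RANGES):
    """True if addr lies inside any (start, end) range, bounds included."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    for start, end in ranges:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if ip.version == lo.version and lo <= ip <= hi:
            return True
    return False


def check(ipconfig_text):
    return {s: in_rogue_range(s) for s in dns_servers(ipconfig_text)}


if __name__ == "__main__":
    for server, rogue in check(SAMPLE_IPCONFIG).items():
        print(server, "IN ROGUE RANGE" if rogue else "ok")
```

On a real machine, save the output with `ipconfig /all > out.txt` and pass the file's contents to `check()`.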
The FBI has also made an online tool to check whether you are infected. Check Here!
Information on malicious software removal is published by the United States Computer Emergency Readiness Team (US-CERT). Read Here!
Have a great day!