Doomsday for Your PC or Mac If It Has This Malware

[Hotspring 44]

July 9: Doomsday for Your PC or Mac If It Has This Malware

There's a trojan out there that tricks computers -- both PCs and Macs -- into redirecting all their Internet traffic through malicious servers. Even though the trojan's creators have been stopped and arrested, millions of PCs could still be infected. For those machines, the Internet will cease to exist on July 9.

The reasons are technical, and they go back to 2007. That was the year the trojan first surfaced, according to PC World. The malware, which can infect both Windows and Mac computers, essentially creates a botnet by changing how the machine accessed DNS.

[More from Mashable: Warning: Fake Instagram App Will Infect Your Android Device]

DNS (Domain Name Service) is how the web organizes its addresses. It's the system that lets you simply type in "mashable.com" instead of some kind of long and incomprehensible IP address filled with letters, decimals and numbers. Your computer talks to a DNS server operated by your Internet Service Provider (ISP) to find all the websites that you visit every day.

The trojan, called DNS Changer, redirects your computer's DNS queries from your ISP's server to one created by the trojan's creators -- essentially hijacking all Internet traffic from your machine. That way, the bad guys can send you to hacker-created websites filled with ads whenever they want.

[More from Mashable: Apple Releases Update to Remove Flashback Trojan]

SEE ALSO: 1 in 5 Macs Has Malware [STUDY]

The good news: The FBI shut down the operation, called Rove Digital, last November when they arrested six Estonian nationals behind the botnet and shut down their malicious servers. To ensure infected computers wouldn't be cut off from the Internet entirely, the FBI set up its own DNS servers.

The bad news: Those friendly servers will soon be shut down. They were originally going to run only four months, but a judge ordered an extension of their operation until July 9 since it's estimated that hundreds of thousands of computers are still infected.

If a machine is still has the trojan and tries to access the web on July 9, it won't be able to access anything. With Internet access cut off, it would be very inconvenient to download and install anti-virus software.

If you suspect you're infected, go to the DNS Changer Check-Up website, which should let you know if your computer's DNS is working properly. Should your machine test positive, an organization called the DNS Changer Working Group has a list of anti-virus tools for cleaning it up. The FBI has an even more comprehensive to-do list.

Even with the extra time and cleanup tools, however, it's likely a few machines will slip through and not get the update by July 9. What do you think should happen to reach those computers in time? Sound off in the comments.

This story originally published on Mashable here.

Over 300,000 could lose Internet access by July: FBI

[meherc]

What the heck does this mean in human language? How do I know you're not the malware pusher and if I listen to your fix, it will actually infect?

July 9: Doomsday for Your PC or Mac If It Has This Malware

There's a trojan out there that tricks computers -- both PCs and Macs -- into redirecting all their Internet traffic through malicious servers. Even though the trojan's creators have been stopped and arrested, millions of PCs could still be infected. For those machines, the Internet will cease to exist on July 9.

The reasons are technical, and they go back to 2007. That was the year the trojan first surfaced, according to PC World. The malware, which can infect both Windows and Mac computers, essentially creates a botnet by changing how the machine accessed DNS.

[More from Mashable: Warning: Fake Instagram App Will Infect Your Android Device]

DNS (Domain Name Service) is how the web organizes its addresses. It's the system that lets you simply type in "mashable.com" instead of some kind of long and incomprehensible IP address filled with letters, decimals and numbers. Your computer talks to a DNS server operated by your Internet Service Provider (ISP) to find all the websites that you visit every day.

The trojan, called DNS Changer, redirects your computer's DNS queries from your ISP's server to one created by the trojan's creators -- essentially hijacking all Internet traffic from your machine. That way, the bad guys can send you to hacker-created websites filled with ads whenever they want.

[More from Mashable: Apple Releases Update to Remove Flashback Trojan]

SEE ALSO: 1 in 5 Macs Has Malware [STUDY]

The good news: The FBI shut down the operation, called Rove Digital, last November when they arrested six Estonian nationals behind the botnet and shut down their malicious servers. To ensure infected computers wouldn't be cut off from the Internet entirely, the FBI set up its own DNS servers.

The bad news: Those friendly servers will soon be shut down. They were originally going to run only four months, but a judge ordered an extension of their operation until July 9 since it's estimated that hundreds of thousands of computers are still infected.

If a machine is still has the trojan and tries to access the web on July 9, it won't be able to access anything. With Internet access cut off, it would be very inconvenient to download and install anti-virus software.

If you suspect you're infected, go to the DNS Changer Check-Up website, which should let you know if your computer's DNS is working properly. Should your machine test positive, an organization called the DNS Changer Working Group has a list of anti-virus tools for cleaning it up. The FBI has an even more comprehensive to-do list.

Even with the extra time and cleanup tools, however, it's likely a few machines will slip through and not get the update by July 9. What do you think should happen to reach those computers in time? Sound off in the comments.

This story originally published on Mashable here.

Over 300,000 could lose Internet access by July: FBI

[Hotspring 44]

What the heck does this mean in human language? How do I know you're not the malware pusher and if I listen to your fix, it will actually infect?

Okay, I guess the title of the thread could be misinterpreted as some kind of a ruse or a bad virus or something of that sort. However, what I did (and usually do) when I post news articles into wacko reader is: I copy and paste most or all of the actual title from the news article then use the link tool the waccobb website provides to link to the actual news article URL from the title (in the header) itself that is in the title and the body of the post.

I'm sorry if the title of this thread inadvertently made anybody paranoid, which was not my intent, but I can see your point, if what you're saying is largly based on the title.

Although I must say that most Internet savvy people (and using basic common sense for that matter) would know how to deal with any links on any website before clicking on them.

But, my simple answer to your question is:
I don't know about Macintosh computers or earlier versions of certain browsers.
On my browser when I point the cursor over the link, the actual webpage URL will show up on my screen, usually near the lower left over the start button (I'm using a PC Windows XP, Not Macintosh).
At least with that I could tell that the URL is the same as the actual lettering of a linked www. (dot) address If the lettering is actually the link URL, which in this case of this particular article only link URL on the bottom is the actual URL in the text same as it's link.

BTW, the waccobb website actually truncates those URLs When they get beyond a certain amount of characters (which is something I don't like; maybe I'll talk to Barry about that at some point).
Usually you can see after the www. and then whatever name and then the next (dot) IE: the .com, .net, .org or whatever, then in some but not all cases, the rest of the URL, which could be an extremely long string.

There is a multitude of ways to verify whether or not the link is either what it says it is or what it's URL is when the link is in the text which may not be the same as the actual URL which is commonplace on this website and most others.

Anyway, all the fine details of how to go about knowing whether or not a particular link URL is good or bad depends on, amongst other things: which browser you are using, what operating system you're using, and of course whether you're using a PC or Mac, and also what antivirus you are using and the settings you're using in the antivirus etc..

I always update the antivirus on the computer that I use at least once a day when I'm using it.
If I go to a known (by the antivirus software) bad URL it will not open it; instead it will give me a warning, and then I can decide whether or not I want to open it...... (obviously) of coarse in those circumstances I will definitely not open it when the warning that pops up says that it's a dangerous or un-trusted web URL.

Most antivirus systems even the ones that are free have a website where you can look up URLs before you actually go to that URL if someone is so inclined to have a reasonably good idea of whether or not the URL in question is safe in the first place.

In most browsers you can put the cursor (usually an arrow or some other kind of pointer) on the link, then right click the mouse, then there will be a display of choices that pop up, then you can left click the “Copy Link Location” (Microsoft XP anyway; several others are same I'm sure) in the menu that pops up, then go to the Notepad (or whatever it may be called where you paste the text into somewhere within your computer software, not on the web or in your browser) and paste it there; (doing that does not open the link, it just copies the link URL onto your Notepad, or whatever you use to do that is called), then you could use your antivirus website and search there using specifically the URL in question to find out whether or not that particular URL is a known bad one.

The very vast majority of the bad links (URLs) are known by almost all good antivirus software suppliers; they share information with each other, the vast majority of all the pertinent virus and dangerous website URL information is universally shared between the antivirus suppliers; because of that the odds are very much in our favor that if a particular URL is not listed as an un-trusted, blacklisted, dangerous, known virus spreading, net-bot, “Child unsafe” etc. etc website (URL) then it is extremely; I mean very extremely unlikely that it is a virus spreading or otherwise dangerous URL.

You could also Google the title; in this case “Doomsday for Your PC or Mac If It Has This Malware” or the header within the text in this case in the text of the Google search, you would copy and paste the header into text of the post (“July 9: Doomsday for Your PC or Mac If It Has This Malware”) into the Google search field and see what Google comes up with.... ... but beware those links aren't all perfect either.

It all comes down to common sense, up-to-date current antivirus software and some reasonable amount of knowledge.

I am using a PC with the most current Firefox browser.
With the Firefox browser there is an add on that you can get called “My Wot” from mywot.com/
(Firefox has that available as an add-on that is accessible with the browser and the Firefox website) which (when it's on and enabled) displays alongside any individual link on Google search results and in e-mail messages: a lifesaver shaped color-coded website rating “scale” so to speak (indicator) green for good, yellow for not so good, and red for bad that indicates all links within my e-mail, good or bad. Also, if I right click the mouse on any link, I can go to a rating for that specific link from the pop-up list , which is part of the software in the browser when My Wot is installed as an and on.

There is a multitude of other ways (techniques) and a myriad of trusted websites that you could use to go about finding out whether or not a particular URL that a link directs you to is either friend or foe. What method you decide to use to do that, if any is entirely up to you.

[Attic]

Its all over the news. Just go to Google news and type in Virus, then you will know whats going on. Oh yeah and just letting you in on something .... Mal-ware designer's don't typically live in Sebastopol.

What the heck does this mean in human language? How do I know you're not the malware pusher and if I listen to your fix, it will actually infect?

[podfish]

What the heck does this mean in human language? How do I know you're not the malware pusher and if I listen to your fix, it will actually infect?

to answer the first: it's not the language that's the problem - it's that the issue is technical. and the second question's always smart to ask!

After browsing a bit, it seems that this virus doesn't really deserve the hype. We live in a highly infectious interweb world and this doesn't seem to be one of the most virulent threats out there. If you're well protected against virii already you're probably fine.

I think Hotspring's later explanation misses the point, though. In my somewhat superficial understanding, the DNS server is a computer "out there" that takes the url (an address - like www.somewhere.com) and turns it into the dot number ( 12.34.56.78 ) which is the "real" address. So if the DNS server lies to you about the real address, you will end up getting websites from strange places. Your computer has the dot number of a DNS server stored in it; that happened when you set up your internet connection. This virus apparently changes your computer's setting so it goes to the bad guy's computer when translating www.something.com - and the bad guys tell you that the dot number is 98.76.54.21 which is a computer somewhere in Estonia.
Apparently most anti-virus programs already clean off the virus that will, on July 9th, switch your setting to the bad DNS server.

[Hotspring 44]

... and the second question's always smart to ask!

After browsing a bit, it seems that this virus doesn't really deserve the hype. We live in a highly infectious interweb world and this doesn't seem to be one of the most virulent threats out there. If you're well protected against virii already you're probably fine.

The attention it should get may not be = to the "hype" it supposedly (as you presume) has by way of it's heading title as compared to the actual "threat" it poses because it is not really a total "doomsday" for the infected computers because it only prevents (to what degree I am not sure) access to the Internet.
As far as I understand, it does not prevent access to the actual computer files on the computer or disable the computer in any other way, it will after July 9 2012 just prevent Internet access with that infected DNS protocol and it will no longer direct DNS infected computers to the so-called "friendly servers".

...To ensure infected computers wouldn't be cut off from the Internet entirely, the FBI set up its own DNS servers.

The bad news: Those friendly servers will soon be shut down. They were originally going to run only four months, but a judge ordered an extension of their operation until July 9 since it's estimated that hundreds of thousands of computers are still infected.

.

I think Hotspring's later explanation misses the point, though.

Yes, I suppose my explanation could miss "the point", but as far as I can tell; "the point" was adequately enough covered within the article in the first place so I did not (and still don't) think that I needed to repeat "the point"/s.
The article with it's links and explanation already had made "the point" in the first place. I am sure there are other articles and write-ups about it on the Internet to the point of relative perpetuity and circuitous repetitiveness.

Just for clarification,

Meherc asked:What the heck does this mean in human language?

... ...and:

...How do I know you're not the malware pusher and if I listen to your fix, it will actually infect?

...So where, how, exactly did I "miss the point"?...hmm, I think maybe podfish missed the points of the questions Meherc asked and/or my answers to those questions.

In my somewhat superficial understanding, the DNS server is a computer "out there" that takes the url (an address - like www.somewhere.com) and turns it into the dot number ( 12.34.56.78 ) which is the "real" address. So if the DNS server lies to you about the real address, you will end up getting websites from strange places. Your computer has the dot number of a DNS server stored in it; that happened when you set up your internet connection. This virus apparently changes your computer's setting so it goes to the bad guy's computer when translating www.something.com - and the bad guys tell you that the dot number is 98.76.54.21 which is a computer somewhere in Estonia.

Yes as the article said:

The trojan, called DNS Changer, redirects your computer's DNS queries from your ISP's server to one created by the trojan's creators -- essentially hijacking all Internet traffic from your machine.


That way, the bad guys can send you to hacker-created websites filled with ads whenever they want.
Apparently most anti-virus programs already clean off the virus that will, on July 9th, switch your setting to the bad DNS server.

I think my answers for the 2 questions that meherc asked were quite adequately to "the point".

On the other-hand, your added answer in so using the term "virii", was no more "in human language" (as was asked) than my answers were.