Old DNSchanger Virus may still be around

[submix8c]

Seen on morning news and got curious.

I did a search -

virus internet monday

and it popped up all over by different names.

Apparently remnants of a hacker scheme the FBI caught up with last November may still affect some DNS Servers and many PC users are still affected. The affected PC's apparently get redirected to the rogue DNS addresses which ISP's were supposed to reroute to real IP's but the "temporary fix servers" will be turned off and affected PC's will no longer be able to access the internet.

Not to worry, though. Affected PC's can be repaired. Check yourself now our be prepared to check the PC's later or (shudder) pay the Geek Squad to do it.

Business Journal

This website calls it Alureon.

Above link provides this link to check and repair (if necessary) your PC. There's a very good chance that your AntiVirus/AntiMalware software already detects it.

FBI website calls it DNSChanger as does Computerworld.

Last week, IID said that its scans showed 12% of Fortune 500 firms, or about one out of every eight, harbored DNSChanger-compromised computers or routers. And two out of 55 scanned U.S. government departments or agencies -- or 3.6% -- also had failed to scrub all their PCs and Macs.

This is Topic is more of an FYI heads-up to get a "checkup" by whatever means you have... See ya Monday morning...

[Tripredacus]

I hid your duplicate topic...

This story seems to be reported wrong in the news. Already this morning I have texts from friends that are scared about some virus attack on Monday. They called it the "Monday Virus".

But as you found, it is from last year. FBI took over the C&C but did not know where all the clients were. So they sanitized the servers and let them keep running. Now the problem is that for some reason they are on a time-table (probably a budget thing or whatever) and there had been meetings and deadlines pushed past already. So for some reason they can't just let these things run in a closet somewhere and have to turn them off by Monday.

You'd figure it wouldn't be overly complicated to send a command back to the clients and have them set their DNS to auto or something but its probably more complicated than that.

[submix8c]

The {hide} is fine by me - you can delete it entirely if you wish.. My intention was not to -monger, but to inform of the potential. The claim is that individual PC's are affected - some kind of "redirect", hence the "easy fix". Anyone caught with their pants down (as it were) deserves the headache. Maybe the dopey kid across the street will pay me again to "disinfect". I need the cash anyhow...

"START /WAIT" (and wait and wait...)

edit - looks like the USofA has a lot of pr0n-searchers!

edit2 - OUCH!!! The first website ("us-of-a") to "check" seems to have problems loading (lots of hits?). Let the insanity begin!

The "au" one (hint) loaded right up!

You do not appear to be affected by DNSChanger

On the bright side, I''m sure we'll all be up-and-running!

(sheesh! it appears to be a REAL easy fix! Then again, you still need to disinfect your PC with some kind of AntiMalware/Antivirus)

Edited July 6, 2012 by submix8c

[Tripredacus]

Ok. I felt that is is better to have the topic in "News" since it is "News" today... Even though it is actually "Olds" but those not keeping up on security may not know about it.

But just watch, It'll turn out that one of my machines are infected!

PS: congrats on the Patron badge!

Edited July 6, 2012 by Tripredacus