Friday, November 11, 2011

Public Service Announcement!

Today is Veterans Day. My intention for today’s post was to say a little about the meaning of Veterans Day and then cover the local band activities this weekend. Instead – I’m going to start out with a very important public service announcement:

DNS Changer

What’s so important about DNS Changer? Why should I care?

I’ve been following information on what appears to be the biggest ever arrest of cybercriminals. “Operation Ghost Click” has been a huge investigation, involving multiple law enforcement agencies and covering a span of several years. 6 men were arrested in Estonia, breaking a malware ring that is said to have affected 4 million or more computers in more than 100 countries. Perhaps as many as 500k in the U.S. alone were affected. This includes Apple products.

The malware they used is called DNSChanger. It hijacks the computer and aims the browsers at “pay-per-click” advertising. Pay-per-click ads generate income for whoever is hosting the ads, as the advertiser pays the host each time someone accesses the ad. If the browser goes to the ads automatically, that generates more clicks. The Ghost Click ring took in more than $14 million through this fraudulent activity.

Unlike many malware infections, the DNSChanger infection can go undetected, replacing advertisements on legitimate pages with the fraudulent advertising. The computer user could be completely unaware their computer is being used in this fashion.

The malware is generally disguised as a video codec, and could be picked up by a user trying to view a video from an infected site. Once installed, DNSChanger goes deep into the system – sometimes to the boot sector – which makes it difficult to spot and difficult to remove. Some variations of the malware infect Apple products, and there are even some that will make changes to routers. DNSChanger then changes the DNS settings to point the computer to the attackers' servers instead of the normal DNS servers. Once the settings are changed, the owner of the fraudulent DNS servers can redirect any part of the browsing session to any server they wish.

The FBI is working towards notifying Internet Service Providers of infected systems using their service. They’ve also posted some information about how to check your DNS settings and what to do if your computer is infected.
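As an added example (not from the FBI's material or the original post), here is one way to automate that check: pull the configured DNS servers out of a Unix `resolv.conf` or English-locale Windows `ipconfig /all` output and compare them with a list of rogue ranges. The ranges below are placeholder documentation networks, the sample inputs are constructed, and the function names are hypothetical; a private (LAN) resolver is flagged separately because some variants change the router's settings instead of the computer's.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not real indicators.
# Replace them with the rogue DNS ranges published in the FBI notice.
ROGUE = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# RFC 1918 addresses: the resolver is probably the home router itself.
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inputs (not captured from a real machine).
SAMPLE_RESOLV_CONF = """\
search example.lan
nameserver 192.0.2.53
nameserver 10.0.0.1
"""
SAMPLE_IPCONFIG = """\
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       198.51.100.200
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def resolvers_from_resolv_conf(text):
    """Return the addresses on 'nameserver' lines, ignoring comments."""
    fields = (re.split(r"[#;]", ln, maxsplit=1)[0].split() for ln in text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def resolvers_from_ipconfig(text):
    """Return DNS servers from 'ipconfig /all', including continuation lines."""
    found, in_dns = [], False
    for ln in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", ln)
        if m:
            found.append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+\s*", ln):
            found.append(ln.strip())  # extra server listed on its own line
        else:
            in_dns = False
    return found

def classify(resolver):
    """Label one resolver: rogue, check-router, not-listed, or unparseable."""
    try:
        addr = ipaddress.ip_address(resolver.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return "unparseable"
    if any(addr in net for net in ROGUE):
        return "rogue"
    return "check-router" if any(addr in net for net in LAN) else "not-listed"

if __name__ == "__main__":
    for r in resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF) + resolvers_from_ipconfig(SAMPLE_IPCONFIG):
        print(f"{r:16} {classify(r)}")
```

A "check-router" result means the computer is asking the router for DNS, so the router's own DNS settings need the same comparison.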

See this handy PDF document for information with screen shots:

