Archy

Malware monday - 570,000 users are about to get kicked off the internet by the FBI!


http://www.dcwg.org/ said:
On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital”, and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses. You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release.

The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet.

Under a court order, expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network. This will allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines.


Also read this:
http://www.nydailynews.com/news/national/malware-put-internet-offline-thousands-monday-dns-changer-harm-article-1.1108522
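The dcwg.org text above boils the infection down to one observable: the victim's configured DNS resolvers point into address space that Rove Digital controlled (and that the ISC replacement servers now occupy). The check below is an added example, not code from the original post or from dcwg.org. It parses resolver settings the way an admin would see them (a Linux `/etc/resolv.conf` and the "DNS Servers" lines of Windows `ipconfig /all`) and flags any address inside the six rogue ranges the FBI and DCWG published for these servers. The range list is carried as plain data so it can be refreshed; the sample inputs are constructed for the example.

```python
"""Flag configured DNS resolvers that fall inside the DNSChanger rogue ranges.

Added example; not part of the original post or of dcwg.org's own checker.
ROGUE_DNS_RANGES is the FBI/DCWG-published list of Rove Digital resolver
netblocks. Treat it as input data to be refreshed, not as a fixed fact.
"""
import ipaddress
import re

ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

# Constructed sample inputs: one Linux resolver file, one Windows ipconfig dump.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 85.255.112.36
nameserver 8.8.8.8
"""

SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       93.188.161.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def is_rogue_resolver(addr):
    """True if addr lies in one of the rogue ranges. IPv6 never matches."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ROGUE_DNS_RANGES)


def resolvers_from_resolv_conf(text):
    """Return the nameserver entries from /etc/resolv.conf content, in order."""
    return re.findall(r"^\s*nameserver\s+(\S+)", text, flags=re.M)


def resolvers_from_ipconfig(text):
    """Return the DNS Servers from `ipconfig /all` output.

    The first server follows the 'DNS Servers' label; further servers appear
    on indented continuation lines holding only an address.
    """
    servers = []
    collecting = False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        if collecting:
            m2 = re.match(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", line)
            if m2:
                servers.append(m2.group(1))
                continue
            collecting = False
    return servers


def check_resolvers(addrs):
    """Map each resolver address to True (rogue) or False (not in the ranges)."""
    return {a: is_rogue_resolver(a) for a in addrs}


if __name__ == "__main__":
    for label, found in (("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
                         ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG))):
        for addr, rogue in check_resolvers(found).items():
            print(f"{label}: {addr} -> {'ROGUE' if rogue else 'ok'}")
```

A clean result here only means the host's own settings are clean. A router whose WAN DNS was changed by the same malware hands every client a private-range resolver (192.168.1.1 above), so the router's configuration has to be checked the same way.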


The validation site, for what it's worth.

Also, an FBI approved site that searches your computer. Though I don't particularly trust these FBI websites, either. And by that I mean I don't trust the FBI, not the site's validity.


These malware scares are just new excuses for government to pull more terrorist scare-tactic nonsense. I can see the NASA scan system - or whatever it's called - primarily being used to crack open heads of armchair pirates and not actual cyber terrorists.

Technician said:

These malware scares are just new excuses for government to pull more terrorist scare-tactic nonsense. I can see the NASA scan system - or whatever it's called - primarily being used to crack open heads of armchair pirates and not actual cyber terrorists.

You sound a bit paranoid, but I believe you ultimately speak the truth... unfortunately.

Archy said:

You sound a bit paranoid, but I believe you ultimately speak the truth... unfortunately.

Only recently has the government shown any concern for what happens to people's computers. There are two ways of looking at this: 1) Our daily lives now depend on the internet to function normally as a society, so the government is more invested in keeping it free from vandalization, or 2) They are using these "threats" as justification to monitor the net for the public's "safety."

Lately the government has been pushing for harsher laws, and monitoring of the public for potential copyright violators, so I feel that was a huge incentive when building this new technology to monitor the net for "cyber criminals."

Remember a time when the FBI didn't deal with this shit?


Such shenanigans never occur in the UK, thankfully.

Worst that's happened of late is TPB being blocked by certain ISPs. The loss of one torrent website is hardly an infringement on my human rights.

DoomUK said:

Such shenanigans never occur in the UK, thankfully.

Worst that's happened of late is TPB being blocked by certain ISPs. The loss of one torrent website is hardly an infringement on my human rights.

UK ‘three strikes’ piracy legislation could go into effect in March 2014

Web users who get three warning letters in a year will face having anonymous information of their downloading and filesharing history provided to copyright owners, which could then be used to gain a court order to reveal the customer’s identity and take legal action against piracy.


Perhaps I should have said "very rarely" instead of "never". A friend of a friend did indeed get a letter from his ISP a few years back telling him not to steal things off the internet, or else. This new code might make it a more frequent occurrence.

And at least they're upfront about it. No one is claiming they want to keep your computer virus-free while actually wanting to know what you're downloading :p

DoomUK said:

Such shenanigans never occur in the UK, thankfully.

Worst that's happened of late is TPB being blocked by certain ISPs. The loss of one torrent website is hardly an infringement on my human rights.

Not much of a loss anyway with the Tor browser. :)


Did you people just start defending the malware authors — the kind of guys who like to destroy others' data? Shame on you.

printz said:

Did you people just start defending the malware authors — the kind of guys who like to destroy others' data? Shame on you.

Whoa.

printz said:

Did you people just start defending the malware authors — the kind of guys who like to destroy others' data? Shame on you.

I didn't get the impression that they were.

Technician said:

The validation site, for what it's worth.

Also, an FBI approved site that searches your computer. Though I don't particularly trust these FBI websites, either. And by that I mean I don't trust the FBI, not the site's validity.


These malware scares are just new excuses for government to pull more terrorist scare-tactic nonsense. I can see the NASA scan system - or whatever it's called - primarily being used to crack open heads of armchair pirates and not actual cyber terrorists.


No. That's not an FBI website and it doesn't scan your computer. Go read it. All it does is direct you to sites like the first one you linked that check if your machine is querying their replacement DNS servers then gives you some advice on how to fix the problem. There are good reasons to distrust FBI sites and scanning tools, but there's none of that here. The domain is owned by this guy. He probably works a lot with government agencies, but if he's out to get you that site isn't how he's going to do it.

Of course politicians use things like this to come up with awful laws and terrible enforcement tactics, but that's true of all crime. This was just a standard multinational takedown of some assholes and appears to have worked the way things should - an appropriate use of the FBI for a change.

The whole point of this story is to point out that if your connection dies on Monday you may need to get your computer fixed. It's a surprisingly transparent way of handling the issue. In past the DNS servers would have been knocked offline and clueless users would be left trying to fix their computers. This probably helped a lot of them.
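The post above describes the check as "is your machine querying their replacement DNS servers". On a home network that question is answered from the client side, but on any network with an egress firewall the same question can be asked of the logs: which internal hosts are sending port-53 traffic to the Rove Digital resolver ranges? The hunt below is an added example, not code from the original post or from dcwg.org. It parses constructed iptables-style log lines, keeps only DNS flows (other traffic to the same addresses is not evidence of the infection), and tallies rogue destinations per internal host. The range list is the FBI/DCWG-published one and is held as data to be refreshed.

```python
"""Hunt egress firewall logs for hosts still querying DNSChanger resolvers.

Added example; not from the original post or from dcwg.org. Log lines are a
constructed, iptables-style key=value format; adjust LINE_RE for your device.
ROGUE_DNS_RANGES is the FBI/DCWG-published list, carried as input data.
"""
import ipaddress
import re
from collections import defaultdict

ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

# Constructed sample: two hosts query rogue resolvers, one host is clean, and
# one host talks to a rogue address on port 80 (not a DNS query, not counted).
SAMPLE_LOG = """\
Jul  5 10:01:02 fw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=85.255.112.36 PROTO=UDP SPT=51234 DPT=53
Jul  5 10:01:03 fw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.22 DST=8.8.8.8 PROTO=UDP SPT=40001 DPT=53
Jul  5 10:01:05 fw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=93.188.161.10 PROTO=UDP SPT=51235 DPT=53
Jul  5 10:01:09 fw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=85.255.112.36 PROTO=TCP SPT=33000 DPT=80
Jul  5 10:01:11 fw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=64.28.180.4 PROTO=TCP SPT=51240 DPT=53
Jul  5 10:01:12 fw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=213.109.70.2 PROTO=UDP SPT=41000 DPT=53
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return the flow fields of one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["dpt"] = int(d["dpt"])
    return d


def in_rogue_range(addr):
    """True if addr is inside one of the published rogue resolver ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in ROGUE_DNS_RANGES)


def find_infected_hosts(log_text):
    """Map each source host to {rogue resolver: query count}, DNS flows only.

    Both UDP and TCP port 53 count; any other destination port is ignored so
    that unrelated traffic to the same netblocks does not create false hits.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow is None or flow["dpt"] != 53:
            continue
        if in_rogue_range(flow["dst"]):
            hits[flow["src"]][flow["dst"]] += 1
    return {src: dict(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for src, dsts in sorted(find_infected_hosts(SAMPLE_LOG).items()):
        print(f"{src}: {sum(dsts.values())} DNS queries to rogue resolvers {sorted(dsts)}")
```

This works at the customer's own edge even where the ISP transparently redirects port 53, a point raised later in the thread: the infected client still addresses its packets to the configured rogue server, so the original destination is what the local firewall logs, and the rewrite happens further downstream.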

printz said:

Did you people just start defending the malware authors — the kind of guys who like to destroy others' data? Shame on you.

I think all they're doing is suggesting that the cure might be worse than the disease. In this case it doesn't appear to be.


For the first time in probably over a decade, I found myself with a virus today. And because of this FBI thing going down on Monday I actually thought it was legit for a moment. It's referred to as FBI Moneypak virus (for lack of a better name). Here I am browsing like usual, and BAM: whole desktop is hijacked by a screen claiming I'm breaking one of many laws on the interwebs and that I have to pay $100 to have my computer unlocked.

Took the better part of the day getting the fucking thing removed too (not to mention I'm pretty sure it let a few friends in as well), but hopefully things will return to normal now. Not entirely sure how I got it; I haven't installed anything that wasn't from something I trust (basically some Steam games, and two GOG games). I get the feeling the bug was injected by one of the sites I was visiting via StumbleUpon, so I'm thinking I'm not going to be stumbling upon anything for a while. That makes me nervous, though, that I never received any UAC prompts before the thing hit me, so looks like they've got viruses that bypass UAC now. So I guess the damn thing really IS annoying for nothing.


Nomad, you have entered a safe website that was using a script from a malicious website. That's why I recommend every internet user gets NoScript to disallow those often pointless foreign scripts.

Archy said:

Nomad, you have entered a safe website that was using a script from a malicious website. That's why I recommend every internet user gets NoScript to disallow those often pointless foreign scripts.


sadly that breaks websites like facebook and twitter that load "insecure" content.

Csonicgo said:

sadly that breaks websites like facebook and twitter that load "insecure" content.

So just allow that "insecure content" for the sites you need it on; you don't have to universally block scripts.


It also has the neat side effect of making the web faster because scripts from people's ad servers don't have to run.

Archy said:

Nomad, you have entered a safe website that was using a script from a malicious website.


Yeah, that's what I figured happened.

Archy said:

That's why I recommend every internet user gets NoScript to disallow those often pointless foreign scripts.


I just may do that; I used it a long time ago and found it to be a bit annoying and superfluous. I'm pretty good about not browsing suspicious sites and I don't download and execute things I don't know, so normally I'm pretty safe. Looks like in some cases it doesn't matter how responsibly I surf though.

At any rate, I thought it was quite interesting getting that virus right after hearing about this FBI thing on Monday.


You know, the FBI already basically has control over these computers. At any time, they could have simply redirected them all to a website with a simple virus fix. The fact that they didn't just go ahead and do that makes me wonder. Two possibilities come to mind. One is that they're using this as a training scenario for dealing with future severe virus outbreaks/cyber-terrorism. They have this under control, but they want to perform a live test to see if they can really shut down Internet access for so many computers. The other, more conspiracy-theory possibility, is that they're experimenting with developing a virus of their own that they could use as a sort of universal kill switch. The virus could be completely inconspicuous, doing nothing more than routing infected computers through their servers, but it would potentially allow them to shut down vast numbers of Internet connections with basically the press of a button.

Okay, I know the conspiracy theory one is a little over the top, but I love me a good conspiracy.


No, that wouldn't work and they know it. Not only is it easy to detect fake DNS servers, but many ISPs will just redirect DNS traffic through their own servers, probably to implement censorship rules.


I've been aware of this for months but wonder how many Internet users bother to read the news. Will the next headline be "FBI facing class action lawsuit after kicking hordes of users off Internet"?


It's going to all be grandmas that don't even know how to use their computers except to email senators and play popcap games anyway.


It won't matter one bit. Either people will get their computers fixed when they can't use the net or they'll get new ones. Some won't even know they have a problem because their ISP will redirect DNS queries through their own servers. It will just blow over and some other dummies will start talking about how there was this scam to get us all worried by saying the internet was going to break.


I do tech support for Comcast as a summer gig. Comcast just sent out an email about this DNSchanger to all of their customers, most notably the ones that have trouble figuring out how to click.

...

Screw you, Comcast.


Comcast sucks at support. I got lots of calls from Comcast customers while working at Dell. Seems Comcast techs often tell customers to get a new NIC rather than just try resetting their modems first.


I'm actually part of Support.com, and we're hired by Comcast to do their in-depth subscription tech support. As long as the customers pay extra, they get great support. Sadly, Comcast proper doesn't ever tell the customers that we're a paid-for service, nor do they -ever- do what they are supposed to do.

Nomad said:

It's going to all be grandmas that don't even know how to use their computers except to email senators and play popcap games anyway.

It's already started. I received a call last night from a friend following a discussion he'd had with an elderly acquaintance who was blaming the DNS Changer trojan for her inability to access the Internet. I'm hoping I don't have to spend much of today providing telephone tech support for my friend as he attempts to delouse that PC.

grouchbag said:

My computer has checked out clean. Hope this crap doesn't last! I'm staying off the internet for a while!

Err, why are you staying off if your computer already checked out clean?

