Sunday, July 8, 2012

Change DNS settings to avoid DNSChanger blackout

For the past couple of days, the news has largely been about how, come July 9th, systems infected with the dreaded DNSChanger virus may be taken offline. July 9, 2012 marks the end of the court order sought by the FBI, which replaced the initial March 8 deadline in a bid to give users more time to ensure that their systems are not affected by the virus. Now, a blog post by Marco, a Kaspersky Lab Expert, sheds more light on how users should go about ensuring the smooth functioning of their systems. He begins by explaining, "Computers in the internet have their own address – the IP-address. There are two versions:

  • IPv4 which is a 32-bit address e.g. 195.122.169.23 and
  • IPv6 which is a 128-bit address e.g. 2001:db8:85a3:8d3:1319:8a2e:370:7347

You clearly see that these addresses are not so easy to remember compared to e.g. “kaspersky.com”. Therefore the “Domain Name System” was created which translates domain-names as “kaspersky.com” to their respective IP-address to connect to the server."



To make things easier once the scheduled server shutdown happens, the post adds that users can find out whether they have been affected by the DNSChanger virus by manually checking their DNS server IPs. If your system is among those affected, you can change your DNS entries to the free DNS servers from Google (8.8.8.8 and 8.8.4.4). OpenDNS also offers two such servers (208.67.222.222 and 208.67.220.220). These changes can be made on either your router or your Windows installation. In Windows, you'll find these settings in the network adapter settings under the Control Panel.
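The manual check described above can be scripted. The following is an added example, not code from the Kaspersky post: it reads the DNS servers out of English-language `ipconfig /all` output and sorts each one into "named in this article", "local (probably the router)" or "unrecognized". The function names and the sample output are constructed for illustration.

```python
import ipaddress

# Resolver addresses named in the article (Google and OpenDNS).
KNOWN_PUBLIC = {"8.8.8.8": "Google", "8.8.4.4": "Google",
                "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS"}
# Private, loopback and link-local ranges: a resolver here is usually the router.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample of `ipconfig /all` output; 203.0.113.53 is a documentation address.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.4.4
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return every DNS server address listed in `ipconfig /all` output."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line and ":" in line:
            candidate, in_block = line.split(":", 1)[1], True
        elif in_block:
            candidate = line              # continuation lines hold a bare address
        else:
            continue
        try:                              # drop any IPv6 zone id such as %11
            servers.append(ipaddress.ip_address(candidate.strip().split("%")[0]))
        except ValueError:
            in_block = False              # a non-address line ends the list
    return servers

def classify(addr):
    if str(addr) in KNOWN_PUBLIC:
        return "listed public resolver (" + KNOWN_PUBLIC[str(addr)] + ")"
    if any(addr in net for net in LOCAL_NETS):
        return "local address: check the DNS settings on the router too"
    return "unrecognized: confirm it belongs to your ISP or organization"

def report(ipconfig_text):
    return [(str(a), classify(a)) for a in dns_servers(ipconfig_text)]

if __name__ == "__main__":
    for server, verdict in report(SAMPLE):
        print(f"{server:<16} {verdict}")
```

An "unrecognized" result is not proof of infection, since many ISPs run their own resolvers; it only marks the addresses worth verifying. A "local" result moves the question to the router, whose own DNS settings need the same check.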

The number of users affected by the DNSChanger virus has fallen to 300K from the 4 million reported earlier, as a large number of users took the delayed shutdown of the temporary DNS servers, from March to July, seriously and applied the appropriate steps and updates. According to details from the DNSChanger Working Group, the number of infected systems worldwide now stands at 303,867, a massive decline from the earlier 4 million. India has the third-highest number of DNS infections after the United States and Italy.

Incidentally, it has been found that in some cases the DNSChanger virus managed to prevent a user's anti-virus software and OS from updating, thereby leaving more room for malicious activity, in addition to the other harm that it inflicts on a system. An even more worrying aspect was that it was not only infected PCs that were using the bad DNS servers: the problem had spread to other everyday home and work devices, like Wi-Fi-enabled mobile phones, tablets, smart HDTVs, digital video recorders, and game consoles. Basically, the criminals would change the web content that users downloaded to suit their needs and make money.

He suggests that the best solution is to install a security suite that can detect and clean the infection and also fix the DNS servers. He adds, "Since many DNSChanger infections are accompanied by TDSS, a rather nasty rootkit, you can also use our tool “Kaspersky TDSSKiller” in order to detect and delete the infection."
