The news, since the past couple of days has
been largely about how come July 9th, systems infected with the dreaded
DNSChanger virus may be pulled down. July 9, 2012 marks the end of the
court order sought for by the FBI, instead of the initial March 8
deadline, in a bid to give users more time to ensure that their systems
are not affected by the virus. Now, a blog post by Marco, Kaspersky Lab
Expert sheds more light on how one should go about ensuring the smooth
functioning of their system. He begins with explaining, "Computers in the internet have their own address – the IP-address. There are two versions:
- IPv4 which is a 32-bit address e.g. 195.122.169.23 and
- IPv6 which is a 128-bit address e.g. 2001:db8:85a3:8d3:1319:8a2e:370:7347
You clearly see that these addresses are not so easy to remember
compared to e.g. “kaspersky.com”. Therefore the “Domain Name System”
was created which translates domain-names as “kaspersky.com” to their
respective IP-address to connect to the server."
Attempting to make it easier to operate, once the scheduled server
shutdown happens, the post adds that to check if one has been affected
by the DNSChanger virus, then they can manually check the DNS server
IPs. So, basically if your system is among those affected then you can
change your DNS entries to the free DNS servers from Google (8.8.8.8
and 8.8.4.4). OpenDNS also offers two such servers (208.67.222.222 and
208.67.220.220). These changes can be made to either your router or
your Windows installation. You’ll find these settings under the network
adapter settings under Windows’ Control Panel.
The number of users affected by the DNSChanger virus has fallen to
300K from the 4 million reported earlier as a result of a large number
of users taking the delayed shut down of temporary DNS servers from
March to July seriously and taking appropriate steps and updates.
According to details by the DNSChanger Working Group, the number of
infected systems worldwide now stands at 303,867 - a massive decline
from the earlier 4 million. India has the third-highest number of DNS
infections after the United States and Italy.
Incidentally, it has been found that in some cases, the DNSChanger
virus managed to prevent a users' anti-virus software and OS from
updating, thereby leaving more room for malicious activity to wreak
havoc, in addition to the other harm that it inflicts on a system. What
emerged as an even more worrying aspect was that it was not only
infected PCs that were using the bad DNS servers, but the havoc had
spread to other everyday home and work devices, like wifi-enabled
mobile phones, tablets, smart HDTVs, digital video recorders, and game
consoles. Basically, the criminals would change the web content that
users downloaded to suit their needs and make money.
He suggests that the best solution is that one install a security
suite that can detect and clean the infection and also fix the DNS
servers. He adds, "Since many DNSChanger infections are accompanied
by TDSS, a rather nasty rootkit, you can also use our tool “Kaspersky
TDSSKiller” in order to detect and delete the infection."
No comments:
Post a Comment