Avoid Internet Doomsday: Check for DNSChanger Malware Now

Some background:
The DNS system is a network of servers that translates a web address, such as http://www.google.com, into the numerical addresses that computers use to locate websites, computers and servers. It is often called the Internet’s phone book: it translates URLs to the IP address of the server hosting the website. This applies not only to websites but to every other Internet-based service you use, including the servers for e-mail, backups, synchronization, chat programs and calendars, AND the servers your antivirus programs contact to update themselves.

Back in November, law enforcement authorities working with the Federal Bureau of Investigation arrested six of the seven individuals in Estonia responsible for infecting millions of Windows and Mac machines worldwide with the DNSChanger Trojan. As part of the “Operation Ghost Click” raid, FBI agents also seized over 100 servers at data centers throughout the United States masquerading as legitimate DNS servers.

If the FBI had simply shut down the rogue DNS servers, the millions of computers infected by the malware would instantly have lost Internet access; given the scope of this infection, that would have cut off many users and very likely had a notable negative impact globally. Nor would it help for users of infected systems to check and change their DNS settings, since the malware continually reverts them and would thereby keep disrupting communications.

To prevent this, the FBI instead chose to keep the rogue DNS servers running and convert them into legitimate DNS servers for the infected computers. Since November 2011 there has been a campaign by the government, security agencies and MANY high profile Internet service providers (ISPs) to notify users about the DNSChanger malware and offer services to help users identify systems that are infected.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

To quickly and easily see whether this affects you, and what you can do about it, visit this site.

Click on the link in the middle of the page and you will be notified if you are currently infected.

If you are infected/compromised you can visit this page for resolution tips and instructions.

Remember, this trojan/virus affects PCs AND Macs. Better safe than sorry. Or you could always call me for a hou$e call when your system won’t connect to the Internet.
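As an added example (not part of the original post), here is a small script that pulls the configured DNS servers out of `ipconfig /all` or /etc/resolv.conf output and flags any that fall inside a list of rogue-resolver ranges. The ranges and the sample ipconfig output are constructed placeholders; substitute the rogue ranges published for DNSChanger before relying on the verdict.

```python
import ipaddress
import re

# Placeholder ranges, constructed for this example; substitute the rogue
# resolver ranges published for DNSChanger before relying on the result.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Constructed sample of `ipconfig /all` output; the second resolver is "rogue".
SAMPLE_IPCONFIG = """
   IPv4 Address. . . . . . . . . . . : 192.168.31.2
   Default Gateway . . . . . . . . . : 192.168.31.1
   DNS Servers . . . . . . . . . . . : 192.168.31.1
                                       203.0.113.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def parse_resolvers(text):
    """Return the DNS server addresses found in `ipconfig /all` (Windows)
    or /etc/resolv.conf (Unix) text, in the order they are listed."""
    servers, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        m = re.match(r"\s*nameserver\s+(\S+)", lines[i])
        if m:
            servers.append(m.group(1))
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", lines[i])
        i += 1
        if m:
            servers.append(m.group(1))
            # ipconfig lists further resolvers on indented lines holding only an address
            while i < len(lines) and re.fullmatch(r"\s+\S+\s*", lines[i]):
                servers.append(lines[i].strip())
                i += 1
    return servers

def check_resolvers(servers):
    """Map each resolver to True if it lies in a rogue range. Entries that are
    not plain IP addresses are skipped; an IPv6 zone suffix (%n) is ignored."""
    verdict = {}
    for s in servers:
        try:
            addr = ipaddress.ip_address(s.split("%")[0])
        except ValueError:
            continue
        verdict[s] = any(addr in net for net in ROGUE_RANGES)
    return verdict

if __name__ == "__main__":
    for server, rogue in check_resolvers(parse_resolvers(SAMPLE_IPCONFIG)).items():
        print(server, "ROGUE - check for DNSChanger" if rogue else "ok")
```

Because the malware keeps rewriting the settings, a single clean reading is not proof of a clean machine; run the check again after a reboot and after the antivirus scan.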

You can read the FBI’s page here.

Google has one here.

Facebook also has one here.

More Rogue Antivirus/Spyware infecting many!

Users are being ‘tricked’ into infecting themselves with trojans/viruses.
This has been used on probably 1.5 million websites!
And it is increasing! UPDATE! Here is even more evidence that this is HUGE!

I have written about this type of attack before and how to avoid it and stop the ‘infection’.
Please Read Here on that process.

The hack seeks to trick Web users into believing that their computer has been compromised by viruses and prompts them to download fake security software that itself causes further problems. [called a social engineering hack] Among the sites serving up the links to the fake software sites are some belonging to Apple and used on its iTunes store, though Apple is said to have cleaned up the affected code on its site.

For more information please read this too!!
Here is an excellent video showing how and what happens.

Security Threat News

I have mentioned many times before the need to update your computer operating systems, anti-virus and anti-spyware applications.

But I also must mention again to please update your applications as well – ESPECIALLY ADOBE PRODUCTS.

A 2009 Global Threat Report from ScanSafe, a Cisco company, shows that in the 4th quarter of 2009 80% of all web-based exploits were malicious PDFs! It’s not surprising that the PDF number is large, but this number is so large it’s hard to believe, especially given that Flash exploits were 18%!
Those are some frightening numbers!

PDFs and Flash are ground zero for malware on the web these days. Just by keeping up to date on your client software you can protect yourself against almost all of it.
Here is the advisory from Adobe.

Users should update to versions 9.3.1 or 8.2.1, the links to which are in the advisory. Alternatively, you can “Check for Updates” in the Help menu.

Here we go again – Spyware and bogus Antivirus

Folks,
I can’t stress enough the importance of keeping your Operating system patched, up to date and running the latest versions of available applications – especially web browsers!
Several new threats are emerging that take advantage of the fact that people are running outdated and unpatched software. Some of the latest hacks have involved unpatched Adobe Acrobat and old unpatched web browsers – IE 6 and Safari. There is no reason NOT to have the latest web browsers and have them patched. I run Firefox primarily myself, as I have mentioned, but always keep all of my browsers (IE, Firefox, Chrome and Opera) up to date.

As I have said before: never, never, never…
Download supposed toolbars, video players or helpers that a site says are ‘required’ to do whatever.
These are nearly always ‘trojanware’.
If you need to ‘install’ a special toolbar to ‘play games’ or ‘view a file’ or whatever, you can be assured that someone is using that download to ‘view/own’ your system.
Are those ‘smileys’ worth having your entire system compromised or corrupted? I don’t think so.
If you use P2P software (Limewire, Gnutella, KaZaA, Napster, BearShare), MySpace, torrents or even some Facebook ‘Apps’ you can expect, repeat EXPECT, to get infected by malicious software! There is no such thing as free ‘premium’ software. If software that normally costs money from a vendor is ‘found’ for free somewhere else, you can expect to get what you pay for. We don’t get it in the ‘real’ world, so why do people continue to believe that it will occur in the cyber world?
Here is an article on some people tricked by the old ‘social engineering’ scam into doing just that.
Here is a good article on ‘Scareware’ – essentially it is a ‘social engineering’ trick to get you to install actual spyware/trojanware!
People are hit with this from many sites all the time, and end up screwing themselves back to the Stone Age.
Please take the time to read this information and how to protect yourself.

The one thing this article doesn’t really explain is how to ‘get out’ of the pop-up hell.
It is simple.
First:

DO NOT CLICK ON ANY POPUP WARNING WINDOW TRYING TO CLOSE/EXIT!!!
This will infect you!

Press the Ctrl+Shift+Esc keys at the same time (all on the left hand side of the keyboard).
This will bring up the ‘Windows Task Manager’ see attached screen capture.

From here click on the running Microsoft Internet Explorer or Mozilla Firefox ‘Task(s)’ and then click on ‘End Task’. It is wise to End Task ALL of them.

This kind of ploy gets MANY users!
Just this week I have had three – count them, 3 – different people get caught by these methods!!
After closing the pop-ups via the Task Manager, run CCleaner BEFORE you open any browser again. If you have followed my previous advice you already have this installed and run it every time you close your browser.
Please re-read these posts for more information on protecting yourself from malicious software.

Here

And Here


Anti Virus/Anti Spyware Suite Shootout Results

Here are the results of a very well done study on the effectiveness of current anti-virus/anti-spyware suites.
Review of the review here.
The top of the current list is Norton’s latest suite.
They did not test Microsoft’s new/updated foray into this arena, their freeware solution:
Microsoft Security Essentials.
As I have mentioned previously I have been a fan of Norton for a while. They have done a good job of reducing the memory and process footprint compared to previous editions.
I am however very impressed with Microsoft’s Security Essentials application.
I recently had a colleague whose system was infected and Norton AND Trend Micro could not effect a solution.
But Security Essentials DID!
I think it is a good free solution and worth checking out.
Keep safe out there.

Bogus and Malicious emails

Here is a reminder.

Let’s all keep ourselves and our data and systems safe.
I have just recently seen numerous emails coming in supposedly from UPS containing trojan/infected files!!
If you are not expecting an EXPLICIT file in an email from a TRUSTED person:

DO NOT OPEN/RUN OR DOWNLOAD IT!!
Info on some here.

Legitimate vendors – eBay, UPS, FedEx, Amazon etc. – will send you notice that you have invoices, receipts, shipping info etc. ready for your viewing.

BUT do not click on links provided in emails requesting personal information – they can contain links to bogus/phishing sites! [sites that masquerade as legitimate but instead steal, or get you to hand over, your personal information]

If the email is from a genuine vendor, you should be able to reach the appropriate vendor site by typing its web address into your web browser yourself, logging into your account and checking ‘messages’/‘status’ etc.

I have spent a lot of time recently cleaning up systems that people inadvertently infected with spyware/malware. And by trying to ‘fix’ the problem by themselves many of these folks have only infected/wrecked their machines more dramatically.

There are LOADS of malicious emails out there claiming to be ‘security updates/upgrades’ or Outlook system updates etc. that are cleverly (dastardly, actually) masked (spoofed) as coming from within your organization, or some other trusted entity (often Microsoft).

Here is a good article on what some of these look like. Here is another. And still another.
You get the idea I hope.
They vary but the result is the same – you infect your system and your entire network with a ‘backdoor’ trojan.
These types of emails are very dangerous ‘phishing’ attacks designed to place a trojan silently onto your machine.

Once again, please NEVER click on a link within an email! From anyone.

The safest thing to do is call the person supposedly sending the email and verify its validity, or simply type the address directly into your browser.
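The check below is an added example, not part of the original post: it scans an email’s HTML body for links whose visible text names one of the vendors mentioned above but whose actual destination is a different host, and for links that point at a raw IP address. The trusted-host list and the sample email are constructed for the example.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Vendors the post names, used here as the assumed "trusted host" list.
TRUSTED_HOSTS = ("ups.com", "fedex.com", "ebay.com", "amazon.com")

# Constructed sample: the first link really goes to UPS, the other two do not.
SAMPLE_EMAIL = """<p>Your package is on its way. Track it at
<a href="https://www.ups.com/track?id=1">www.ups.com</a> or
<a href="http://ups.com.example.net/track">https://www.ups.com/tracking</a>.
<a href="http://192.0.2.10/login">Sign in to your account</a></p>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """Return (href, text, reason) for links to type in by hand rather than click:
    the href goes to a raw IP, or the text names a trusted vendor but the href's
    host is neither that vendor's domain nor a subdomain of it."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        try:
            ipaddress.ip_address(host)
            flagged.append((href, text, "link goes to a raw IP address"))
            continue
        except ValueError:
            pass
        for trusted in TRUSTED_HOSTS:
            if trusted in text.lower() and host != trusted and not host.endswith("." + trusted):
                flagged.append((href, text, f"text names {trusted} but link goes to {host}"))
                break
    return flagged
```

A link that passes this check is still only as trustworthy as the sender; the post’s advice to type the vendor’s address yourself still applies.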

As always I hope that any of you who read this have current Antivirus and Anti spyware software installed and most importantly keep them updated daily. And have them currently running.
While there may be advertisements listed on my site for anti-spyware and anti-virus protection, I can’t always control who or what they are for. I can however, recommend the links below.
My recommendations are as follows:

For a very, very good Antivirus and spyware solution (and free at that):

http://free-antivirus.eeye.com/

Their solution, Blink, is fantastic.

You may also have Symantec/Norton, McAfee or AVG installed – Great!! but is it updated daily?

http://www.symantec.com/business/security_response/definitions.jsp

http://us.mcafee.com/virusInfo/default.asp?cid=45702

http://www.grisoft.com/us.download-update

Another super free and great anti-spyware is Spybot Search and Destroy (Spybot S&D).

I have used this to successfully fix/repair dozens of machines.

Beware though: there are many ‘bogus/extortion’ applications that are trying to trade off the ‘Spybot’ name.

The home to the one and only freeware SpyBot Search & Destroy is:
http://www.safer-networking.org/en/spybotsd/index.html

And a very highly rated anti-spyware package by PCWeek is Spyware Doctor. Not free but worth the price:
http://www.pctools.com/spyware-doctor-antivirus/

MORE CONFICKER – CHECK FOR INFECTION

CONFICKER UPDATE:

Symantec’s got a pretty simple (and free) tool specifically for Conficker:
Download this file on an uninfected computer, follow the steps, and you should be okay.

Or.

Doxpara Research has released a ‘scanner’ to check for Conficker infection.

Security expert Dan Kaminsky, working with the Honeynet Project’s Tillmann Werner and Felix Leder, has discovered an easier way to detect whether a machine on a network is infected by Conficker.
Dan writes: “What we’ve found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it’s infected with Conficker, and it will tell you.”

Go here:
http://www.doxpara.com/
Download the scanner:
http://www.doxpara.com/scs.zip
Extract it to a folder and run it against your workstations and servers:
Open a command window – Start>Run>type ‘cmd’

Navigate to the expanded directory and ‘run’ the scanner against each individual computer.
Example:
C:\yourdesktop\scs\scs>scs.exe 192.168.31.2
[For the admins out there: you can use a host file for a range of IPs]

If you are unsure how to find your IP address:
Open a command window – Start>Run>type ‘cmd’ – then type in “ipconfig /all”.
[If you don’t know how to navigate in the DOS window, check this out:
http://www.online-tech-tips.com/computer-tips/how-to-use-dos-command-prompt/ ]

Update – Another way to scan:
1. Download and install Python 2.6.1 from www.python.org
2. Download Impacket from oss.coresecurity.com (or maybe pypi.zestsoftware.nl or some other mirror)
3. Download the scanner from iv.cs.uni-bonn.de
4. Unpack Impacket into a folder, then install Impacket from a command line with c:\python26\python setup.py install
5. Run the scanner with the command c:\python26\python scs.py [starting_ip] [ending_ip]