Sunday, July 8, 2012

No, you will not lose Internet access....

So the media is trying to cash in on this whole "FBI will cut internet access to hundreds of thousands of people" crap and I'd like to shed some light on the whole thing.


History
Back in November last year (2011), the FBI, NASA-OIG (NASA Office of Inspector General) and the Estonian police arrested the people behind "Operation Ghost Click". It was basically a group of people who spread malware which changed the target's DNS settings to point to DNS servers the group controlled.
The malware is capable of infecting not only Windows machines but OS X machines as well. Not sure about other flavors of UNIX and Linux based operating systems though.

What is a DNS?
A DNS, or Domain Name System, is what translates web addresses into IP addresses. When you type, for example, www.YouTube.com into the address field, your computer first contacts a DNS server, which looks up the IP of the server hosting YouTube and sends it back so that your computer can connect to that IP.

As you can imagine, being able to redirect hundreds of thousands of people anywhere you want is pretty powerful. The criminals used this to alter infected people's searches, show them malicious ads and things like that.
However, they got arrested about half a year ago, and the FBI decided to remove the harmful code from the servers and has kept them running up until now. The servers will be shut down on July 9, 2012.

What is happening now?
The FBI will now shut the DNS servers down, and this is where the whole "hundreds of thousands of people will lose Internet access" comes from. When the servers are down, people who still have their default DNS set to the old malicious server will not be able to receive IP addresses for the websites they try to visit.
They still have Internet access, but unless they type in the IP address, such as 74.125.224.72 (Google.com), they won't see any sites. It is also worth noting that they are not removing your access to the Internet. As soon as you have the correct DNS settings you will be able to access the Internet again. Or you can also access it by typing in the IP address of the website you want to visit.

Am I infected and how can I fix it if I am?
The people reading my blog are most likely not infected. Companies such as Google and Facebook have warned people who might be infected on their websites.
If you're not sure then you can test yourself on the website DNS Changer Check-Up which is hosted by the US government. If there is a green background in the picture, then you're safe. If it is red, then you're infected.

If you are infected then please run up-to-date anti-virus software such as Microsoft Security Essentials (Windows only). If you are still connecting to the wrong DNS then follow these steps (Windows only):
1) Go to the control panel -> Network and Internet -> Network and Sharing Center
2) Press "Change adapter settings" in the left row.
3) Right click on the icon which says "Local Area Connection" or whichever port you are using to connect to the Internet with.
4) Open properties.
5) Double click on the item which says "Internet Protocol Version 4 (TCP/IPv4)".
6) Select "Use the following DNS server addresses" and then type in:
Preferred DNS server: 8.8.8.8
Alternative DNS server: 8.8.4.4

8.8.8.8 and 8.8.4.4 are Google-owned DNS servers which you can use. If you know of some other DNS then feel free to type in its address instead.
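
To confirm what every adapter is actually using after following the steps, here is an added example (not part of the original post) that parses `ipconfig /all` output and lists each DNS server that is not in the set you expect. It assumes English-language Windows output; the sample text, the address 203.0.113.53 and the names `EXPECTED`, `dns_servers` and `unexpected` are constructed for illustration.

```python
import ipaddress

# Resolvers this machine is expected to use (assumption: the two Google
# addresses from the steps above; add your router's or ISP's resolvers).
EXPECTED = {"8.8.8.8", "8.8.4.4"}

# Constructed `ipconfig /all` excerpt; 203.0.113.53 is a documentation
# address standing in for a resolver nobody on this machine chose.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
"""

def dns_servers(ipconfig_text):
    """Return {adapter: [DNS server, ...]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False  # adapter header
            continue
        label, sep, value = line.partition(" : ")
        if sep:  # a "Label . . . : value" line starts or ends the DNS list
            in_dns = label.strip(" .") == "DNS Servers"
        value = (value if sep else line).strip()  # else: continuation line
        if adapter and in_dns and value:
            try:
                ipaddress.ip_address(value.split("%")[0])  # drop IPv6 zone id
            except ValueError:
                continue  # not an address, ignore
            result.setdefault(adapter, []).append(value)
    return result

def unexpected(ipconfig_text, expected=EXPECTED):
    """Return [(adapter, server)] for each resolver not in `expected`."""
    return [(a, s) for a, servers in dns_servers(ipconfig_text).items()
            for s in servers if s not in expected]

if __name__ == "__main__":
    for adapter, server in unexpected(SAMPLE):
        print(f"{adapter}: unexpected DNS server {server}")
```

To check a real machine, save the output of `ipconfig /all` to a text file and pass its contents to `unexpected()` in place of `SAMPLE`.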

And that's it! I doubt that anyone reading this will be infected though.
More info can be found here: DCWG
