“Thousands still infected with DNSChanger malware in PH as July 9 deadline looms
“08-Jul-12, 11:17 PM | Patrick Villavicencio, InterAksyon.com, the online news portal of TV5
“THE EASIEST WAY TO SEE IF YOUR PC IS INFECTED, SIMPLY CLICK THE LINK/S:
DNS CHECKER WEBSITE
DNSCHANGER CHECKUP
“MANILA, Philippines — Despite stern warnings by various Internet and telecom companies as well as the US’s Federal Bureau of Investigation (FBI), thousands of computers in the Philippines remain infected by the DNSChanger malware and would stand to lose Internet access on Monday, July 9.
“According to latest data from the DNS Changer Working Group (DCWG), a multi-sectoral ad hoc group of subject matter experts in security and DNS monitoring, some 1,286 unique IP addresses discovered to be infected with the malware were coming from the Philippines.
“Globally, more than 240,000 were still recorded to have the malware in their systems, which means they would lose access to the Internet if the infection remains unresolved by Monday.
“On Sunday, a day before the FBI takes down the DNS server to which the malware has changed infected users’ DNS settings, security firms and Internet companies have reiterated the call for users to check if their systems still contain the virus.
“Some of the popular Internet destinations such as Google and Facebook have put in place systems that notify users of possible infection and the step they can take to ensure their systems remain up after the July 9 deadline.
“Kaspersky Lab, a Russian security software provider, meanwhile stressed that even though users have removed the malware from their computers, they should remain vigilant for mutations and strains of the virus, which could still wreak havoc in their systems.
““In other words, it doesn’t mean you have pneumonia, but you still have a cough. And it makes you extraordinarily more likely to get sick again,” said Kurt Baumgartner, a Kaspersky Lab Expert, adding that some antivirus software providers have been prompting users to check and point their settings to “clean” DNS servers to avoid future similar incidents. (http://www.securelist.com/en/blog/208193664/DNSChanger_Last_Call_on_Cleanup)
“The FBI, on the other hand, has put up a website where users can quickly check to see if their PCs had been infected: http://www.dns-ok.us/
“The DNSChanger malware was discovered last year to be re-routing Internet traffic of infected PCs to servers of a group of Internet hackers, which allows them to display advertisements or spread malware to more users.
“Once infected, the Domain Name Settings (DNS) of an infested computer will be changed to that of the hackers’ servers. Reports said systems have started to become infected when they visited similarly infected websites, “or downloaded particular software to view videos online,” according to technology news site CNet.
“In addition to changing the DNS servers of the computer, the malware has also been known to prevent antivirus updates from occurring, which means traditional security software couldn’t possibly detect the infection.
“The group behind the malware has since been arrested by authorities in 2011, but the temporary redirection servers set up by law enforcement bodies to give users the time to clean up their systems will soon be shut down.
“To check if your system is infected, telcos PLDT and Smart urged users to go through your computer’s settings:
“Windows
“1. Click Start
“2. Open the Command Window
“3. (For Windows 7) Type cmd at the search bar
“4. (For Windows XP) Click Run, then type cmd at the bar
“5. Type ipconfig /all
“6. Search for the DNS Servers section
“Mac OS X
“1. Click the Apple icon at the top left of the screen
“2. Select System Preferences
“3. Locate the “Network” icon
“4. Read the “DNS Server” line
“If the DNS servers are pointed at any of the following addresses, then it means the system is infected:
• 85.255.112.0 through 85.255.127.255
• 67.210.0.0 through 67.210.15.255
• 93.188.160.0 through 93.188.167.255
• 77.67.83.0 through 77.67.83.255
• 213.109.64.0 through 213.109.79.255
• 64.28.176.0 through 64.28.191.255
Blog admin’s note: The infected computers in the Philippines are listed through their IP addresses in a page linked by the news story. i did not run it here: queasy about privacy issues.
Blog admin received this from the broadband telecom company by email and verified it by phone call and visit to the website. You can verify the information yourself by your own methods. (if it’s a hoax, we’ll just file an administrative complaint against the broadband company for spreading it in an official communication)
“We have received information from international agencies that a rampantly spreading DNSChanger malware may infect the computers of internet users globally. If your computer is infected, this malware redirects you to fraudulent websites and DNS servers and can interfere with your online browsing.
“We strongly urge our Broadband subscribers to take the necessary steps to check their computers as soon as possible. If infected, they should remove the virus from their computers immediately. If your computer is infected, you may lose access to the internet by July 9, when U.S. authorities will shut down the temporary servers that continue to allow infected computers to access the internet.
“Checking the status of your computer is easy. Simply click on the US FBI’s DNS Changer Working Group, or DCWG, web site at http://www.dcwg.org/, the group working on cleanup resulting from the malware, or click on this link http://www.dns-ok.us/ to find out the status of your computer: green means it is safe; red means it is infected.
“If your computer test results to green, no further action is needed. But, if your test results to red, please visit the ____________ (blog admin’s broadband website) at _________________ ( url of site to check your computer, this links you to www.dns-ok.us ) for a step-by-step instruction on how to recover your computer from this malware.
“We also encourage you to visit our website to read more about this issue.
“We hope this information ensures that you continue to experience seamless internet services.
This will give you a rectangle (geometric shape) with conical symbols of “people” inside: If the color of the rectangle is green, your computer is not infected. Easy. So it looks like this:
If the color of the rectangle is red, your computer is infected.
There’s some literature (explanation) below the rectangle. My computer is not infected. don’t know what the red rectangle looks like.
[i suppose the FBI got the necessary court orders for this: shutting down access to the internet of some 250,000 infected computers and red-flagging the rest and shutting down their temporary servers (if non-consensual on the part of the servers) by July 9]