Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
AT&T Security The Internet Verizon

US ISPs Continue To Support DNSChanger Redirection Servers 87

Posted by Soulskill from the you-had-one-job dept.
darthcamaro writes "On Monday of this week, the primary servers that kept those infected with the DNSChanger malware were taken offline. It's a story that sparked lots of media hype with people claiming that hundreds of thousands of people could lose their Internet access. As it turns out, major U.S. ISPs including Verizon, Cox, AT&T and CenturyLink all kept their own DNSChanger servers online, protecting any users from losing their access."
This discussion has been archived. No new comments can be posted.

US ISPs Continue To Support DNSChanger Redirection Servers More

US ISPs Continue To Support DNSChanger Redirection Servers

Comments Filter:

  • Re:Oh for the love of god (Score:5, Informative)

    by bmo ( 77928 ) on Friday July 13, 2012 @07:09PM (#40644707)

    Any algorithm to decide what machine is infected remotely is not going to be any smarter than the designer, and probably a lot less so.

    The thing is that there is no algorithm at work at all except the infection itself.

    If you paid attention at all to the goings-on of this issue at all, you'd know that DNS Changer does what it's titled to do: point at a (formerly) criminally controlled set of DNS machines. These have since been commandeered by authorities and maintained. The infected machines are being artificially propped up. To "disconnect" people, all they have to do is turn these off and let the end users fend for themselves.

    So let me repeat: there is no "remote turnoff" being done here. The computers are left without a DNS when the fake DNS machines are turned off. If your computer does not point at a valid DNS when they turn off the fake DNS, it is 100 percent guaranteed that you have the DNS Changer malware.

    --
    BMO

  • Re:Oh for the love of god (Score:4, Informative)

    by bmo ( 77928 ) on Friday July 13, 2012 @08:14PM (#40645163)

    All a user would need to do (assuming they were literate enough to get networking..and not know they were infected, is remap the DNS section of their IP config to resolv the issue?

    If it was really, really simple, yes. But I suspect that the authors of DNS Changer already thought of that and will prevent you from simply changing it manually, or at least run a scheduled task to keep it set wrong (the Macintosh variant does this with a crontab).

    It was spread as a "video codec" on porn sites and then as "funny video" sites, which I guess is more popular. The internet was built on porn and lolcats.

    In any case, if you have an updated malware removal tool, it should remove it. Removal is effective.


    If your DNS servers are in these range, then you are affected.

            64.28.176.1 - 64.28.191.254
            67.210.0.1 - 67.210.15.254
            77.67.83.1 - 77.67.83.254
            85.255.112.1 - 85.255.127.254
            93.188.160.1 - 93.188.167.254
            213.109.64.1 - 213.109.79.254

    --
    BMO

  • Re:What's the big deal? (Score:3, Informative)

    by CheshireDragon ( 1183095 ) on Friday July 13, 2012 @10:28PM (#40645773) Homepage
    Then those ego maniacs need a slap in the face. If they were in fact a power user they wouldn't have let this happen to their system.

Slashdot Top Deals

After an instrument has been assembled, extra components will be found on the bench.

Close