US ISPs Continue To Support DNSChanger Redirection Servers
darthcamaro writes "On Monday of this week, the primary servers that kept those infected with the DNSChanger malware were taken offline. It's a story that sparked lots of media hype with people claiming that hundreds of thousands of people could lose their Internet access. As it turns out, major U.S. ISPs including Verizon, Cox, AT&T and CenturyLink all kept their own DNSChanger servers online, protecting any users from losing their access."
Re:Oh for the love of god (Score:5, Informative)
Any algorithm to decide what machine is infected remotely is not going to be any smarter than the designer, and probably a lot less so.
The thing is that there is no algorithm at work at all except the infection itself.
If you paid attention at all to the goings-on of this issue at all, you'd know that DNS Changer does what it's titled to do: point at a (formerly) criminally controlled set of DNS machines. These have since been commandeered by authorities and maintained. The infected machines are being artificially propped up. To "disconnect" people, all they have to do is turn these off and let the end users fend for themselves.
So let me repeat: there is no "remote turnoff" being done here. The computers are left without a DNS when the fake DNS machines are turned off. If your computer does not point at a valid DNS when they turn off the fake DNS, it is 100 percent guaranteed that you have the DNS Changer malware.
--
BMO
Re:Oh for the love of god (Score:4, Informative)
All a user would need to do (assuming they were literate enough to get networking... and not know they were infected) is remap the DNS section of their IP config to resolve the issue?
If it was really, really simple, yes. But I suspect that the authors of DNS Changer already thought of that and will prevent you from simply changing it manually, or at least run a scheduled task to keep it set wrong (the Macintosh variant does this with a crontab).
It was spread as a "video codec" on porn sites and then as "funny video" sites, which I guess is more popular. The internet was built on porn and lolcats.
In any case, if you have an updated malware removal tool, it should remove it. Removal is effective.
If your DNS servers are in these ranges, then you are affected.
64.28.176.1 - 64.28.191.254
67.210.0.1 - 67.210.15.254
77.67.83.1 - 77.67.83.254
85.255.112.1 - 85.255.127.254
93.188.160.1 - 93.188.167.254
213.109.64.1 - 213.109.79.254
--
BMO
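An added example, not part of the original comment: a Python check of resolv.conf-style resolver entries against the ranges listed above. The function names and the sample text are constructed for illustration.

```python
import ipaddress

# Rogue DNSChanger resolver ranges, copied from the comment above.
ROGUE_RANGES = [
    ("64.28.176.1", "64.28.191.254"),
    ("67.210.0.1", "67.210.15.254"),
    ("77.67.83.1", "77.67.83.254"),
    ("85.255.112.1", "85.255.127.254"),
    ("93.188.160.1", "93.188.167.254"),
    ("213.109.64.1", "213.109.79.254"),
]
_RANGES = [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
           for lo, hi in ROGUE_RANGES]


def is_rogue(server):
    """True if server is an IPv4 address inside one of the listed ranges."""
    try:
        ip = ipaddress.ip_address(server.strip())
    except ValueError:
        return False          # not an IP literal at all
    if ip.version != 4:
        return False          # the listed ranges are IPv4 only
    return any(lo <= ip <= hi for lo, hi in _RANGES)


def nameservers(resolv_conf_text):
    """Extract nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        # Skip blanks, comment lines (# or ;) and other directives.
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def rogue_nameservers(resolv_conf_text):
    """Return only the configured resolvers that fall in a rogue range."""
    return [s for s in nameservers(resolv_conf_text) if is_rogue(s)]


# Constructed sample input; 192.0.2.53 and 2001:db8::53 are documentation addresses.
SAMPLE = """# constructed sample
nameserver 85.255.112.36
nameserver 192.0.2.53
nameserver 2001:db8::53
search example.test
"""

if __name__ == "__main__":
    for s in nameservers(SAMPLE):
        print(s, "ROGUE" if is_rogue(s) else "ok")
```

A clean result only covers the file that was checked; as the comment notes, the malware may set the resolver back, so re-check after removal.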
Re:What's the big deal? (Score:3, Informative)