16 Posts
Saying that the FBI is going to "shut down the internet" is using the wrong words for the situation.
Is there a malware that is redirecting people's computers to the wrong DNS servers? That is legit.
When you type in a web address, Google.com, Wikipedia.org or whatever, the computer queries a DNS server at your service provider. The logical "address" of that DNS server is typically set by your ISP. That DNS server provides the computer with a computer-friendly IP address such as 173.194.37.37, which is one of Google's IP addresses. Copy and paste that into your browser's address bar and it will take you to Google.
What is happening is the malware is "poisoning" the DNS server entries that the computer looks to when asking for an IP address. By doing that they can force the computer, instead of going to Google's actual IP address and subsequently Google's servers, to go to another bank of servers instead. They were doing this to force traffic to advertisements in order to get more hits and therefore more money.
When they got busted the FBI set up valid DNS servers at the "poisoned" addresses so that computers infected with the virus would query those DNS servers and be pointed to the actual addresses of the sites. The FBI will be shutting down those DNS servers on July 9th. Since those DNS server addresses will no longer be available, it WILL essentially "shut down the internet" for any user that is infected with the malware, but there is not a mass conspiracy to "shut down the internet".

I have a master's in Data assurance and I work as a network engineer. I also have network forensics experience.
 

369 Posts
Discussion Starter · #3 ·
Thanks for the clarification. Is it true that if people are using these servers, and they have not checked their computers and changed to their default servers, that they will not have internet service after 7/9/12?
 

16 Posts
amym505 said:
Thanks for the clarification. Is it true that if people are using these servers, and they have not checked their computers and changed to their default servers, that they will not have internet service after 7/9/12?
You got it, sort of. Your internet service won't cease to function but you won't be able to browse web pages. If you connected a non-infected computer to the internet connection, or there are computers on your network that aren't infected, they will still work. Anything that does not rely on Fully Qualified Domain Names such as Google.com (or anything with a .org, .com etc.) will work. Mainly internet phone services, ICQ, AIM and those types of applications. Also anything relying on protocols other than IP should work as well, but that's getting REALLY into the deep crevices of networking.

If you are concerned about being infected:
Click Start, then Run, type in CMD and hit Enter on XP and earlier.
Click the Windows icon and type CMD into the "Start Search" box and click cmd.exe in the listing on Vista and Windows 7.
At the prompt type in IPCONFIG /all, then press Enter.
See attachment.
You will get a report similar to this:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
Physical Address. . . . . . . . . : --
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 0.0.0.0(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, May 24, 2012 1:13:56 PM
Lease Expires . . . . . . . . . . : Sunday, May 27, 2012 1:13:58 PM
Default Gateway . . . . . . . . . : 0.0.0.0
DHCP Server . . . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 0.0.0.0
                                    0.0.0.0
                                    0.0.0.0

Primary WINS Server . . . . . . . : 0.0.0.0
Secondary WINS Server . . . . . . : 0.0.0.0
                                    0.0.0.0
NetBIOS over Tcpip. . . . . . . . : Enabled

In red are the DNS server addresses you will need to check (sorry, had to edit mine, work wouldn't appreciate that!)
A note that if you are using a router and your DNS is 192.168.(0, 1 or 2).(something) you may need to log into the router and check those settings. Refer to the router documentation to check there. Yes, the virus is able to infect routers.

Go here to check your DNS settings.
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS
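As an added example (not from the thread or any of its posters), the script below parses `ipconfig /all` output in the layout shown above, pulls out every DNS server including the indented continuation lines that carry a second or third address, and flags each one as falling in a rogue range, pointing at a LAN router (which the post says should then be checked itself), or neither. The rogue range and the sample output are constructed placeholders; the thread does not list the real rogue addresses, so substitute the published ones before relying on this.

```python
"""Flag configured DNS servers parsed from `ipconfig /all` output (added example)."""
import ipaddress
import re

# PLACEHOLDER: the thread gives no rogue ranges; this documentation range
# (TEST-NET-3) stands in for the real published list.
ROGUE_DNS_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# RFC 1918 LAN ranges: a DNS server here is the router, so check its settings too.
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the same layout as the ipconfig output quoted in the thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.10
   Primary WINS Server . . . . . . . : 192.168.1.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def extract_dns_servers(text):
    """Return DNS server addresses; continuation lines hold a bare address only."""
    servers, collecting = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if re.match(r"DNS Servers[ .]*:", stripped):
            collecting = True
            value = stripped.split(":", 1)[1].strip()
            if value:
                servers.append(value)
            continue
        if collecting:
            try:
                ipaddress.ip_address(stripped)   # bare address -> still in the list
                servers.append(stripped)
            except ValueError:                   # any other line ends the list
                collecting = False
    return servers

def classify(server):
    """'rogue' beats 'router' so a rogue address inside a LAN range is not hidden."""
    ip = ipaddress.ip_address(server)
    if any(ip in net for net in ROGUE_DNS_RANGES):
        return "rogue"
    if any(ip in net for net in LAN_RANGES):
        return "router"
    return "ok"

def check(text):
    """Map each configured DNS server to its verdict."""
    return {s: classify(s) for s in extract_dns_servers(text)}
```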
 

16 Posts
Oh yeah, check with your ISP; if you are infected, as a short-term solution manually change the DNS servers to what they should be. Then get a local IT guy with knowledge of the problem to fix it. There is a removal tool (don't have a link) that will remove the virus without formatting the computer.
 

369 Posts
Discussion Starter · #7 ·
Thanks so much for the information. I have just enough computer knowledge to turn it on. Otherwise I am a complete computer idiot. Information in plain English is greatly appreciated. Thanks again.
 