UPDATE (7/9/2012):
Thank you Barry Greene and the DCWG. The DCWG-run DNS servers have been taken down:
"At 12:01 Eastern Time on Monday July 9th 2012, the DCWG stopped responding to DNS queries from infected machines. This is in compliance with the US Justice Department Court Order authorizing the clean DNS servers.
At 12:23 Eastern Time on Monday July 9th 2012, the server started to reply to all DNS requests with an ICMP Unreachable. This would help infected computers troubleshoot their problem if they find they cannot access DNS servers."
Here we are. It's the last call on DNSChanger cleanup. On Monday, the FBI-run replacement DNS servers are coming down because the court-ordered extension is coming to an end, and your systems may be using these servers for resolution. There is a set of sites that may, unreliably, help you identify whether your machine or router still has DNS settings pointing to the "DNSChanger" operators' servers. This unreliability is partly because upstream major internet backbone providers have created unintended confusion, and partly because of poor or ineffective web-side detection implementations.
In the US, 60k hosts are reported to still need their DNS settings changed. How many of those systems are truly "infected"? No one knows. And the number could be inflated. It could be that none of these systems are infected. Or all of them could be infected. Perhaps all LAN-side systems behind home and corporate routers, or systems cleaned of malware that may still maintain artifacts of this infection, continue to use Rove Digital servers for DNS resolution.
In other words, it doesn't mean you have pneumonia, but you still have a cough. And it makes you extraordinarily more likely to get sick again. Some vendors' products, like here at Kaspersky, have been detecting the artifact DNSChanger settings on affected machines and offering to reconfigure these settings to a set of "clean" DNS servers. This DNS reset routine is presented by Kaspersky Endpoint Security 8.0 and 2010+ home products with this popup for "Trojan.Multi.DNSChanger.Gen":