Computersnyou

Are you infected with DNS Changer malware? [ security ]

Posted on  7/6/2012

INTRO (source: F-Secure)

DNSChanger is a trojan that will change the infected system’s Domain Name Server (DNS) settings, in order to divert traffic to unsolicited, and potentially illegal sites.
The trojan is usually a small file (about 1.5 kilobytes) that is designed to change the ‘NameServer’ Registry key value to a custom IP address. This IP address is usually encrypted in the body of a trojan. As a result of this change a victim’s computer will contact the newly assigned DNS server to resolve names of different webservers.
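A defender-side check for the change described above, as an added example that is not from the original post or from F-Secure: it parses 'NameServer'-style values and flags resolvers that fall inside known rogue ranges. The ranges are constructed placeholders (RFC 5737 documentation networks), the interface labels are hypothetical, and the value is assumed to be a comma- or space-separated list; take the real rogue ranges from the FBI document linked on this page.

```python
import ipaddress
import re

# Constructed stand-in ranges (RFC 5737 documentation networks), NOT real
# DNSChanger indicators. Replace with the rogue ranges published in the FBI
# document linked on this page.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]


def parse_nameservers(value):
    """Split a NameServer-style value (comma- or space-separated) into IP objects.

    Tokens that are not valid IP addresses are returned separately, because a
    malformed resolver entry is itself worth a look.
    """
    good, bad = [], []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        try:
            good.append(ipaddress.ip_address(token))
        except ValueError:
            bad.append(token)
    return good, bad


def audit_resolvers(settings, rogue_ranges=ROGUE_RANGES):
    """Return (interface, resolver, reason) for every suspicious resolver entry."""
    findings = []
    for iface, value in settings.items():
        servers, malformed = parse_nameservers(value)
        for ip in servers:
            hit = next((n for n in rogue_ranges
                        if ip.version == n.version and ip in n), None)
            if hit:
                findings.append((iface, str(ip), str(hit)))
        findings.extend((iface, token, "unparseable") for token in malformed)
    return findings


# Constructed sample: NameServer values as exported per interface (labels are hypothetical).
SAMPLE = {
    "global": "",                              # empty value: nothing set statically
    "if-1": "192.0.2.53,198.51.100.200",       # first entry is inside a rogue range
    "if-2": "10.0.0.1 198.51.100.7",           # space-separated, second entry is rogue
    "if-3": "10.0.0.1,not-an-ip",              # malformed token is reported
}

if __name__ == "__main__":
    for iface, server, reason in audit_resolvers(SAMPLE):
        print(f"{iface}: {server} -> {reason}")
```
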

<pre style="background-color: #f2f2f2; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(222, 222, 222); color: rgba(0, 0, 0, 0.589844); font-family: Menlo, Monaco, 'Courier New', monospace; font-size: 12.95px; line-height: 21px; outline: 0px; padding: 10px; vertical-align: baseline; white-space: pre-wrap; word-break: break-all; word-wrap: break-word;">Top DNS Changer Infections by Country</pre>

<pre style="background-color: #f2f2f2; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(222, 222, 222); color: rgba(0, 0, 0, 0.59375); font-family: Menlo, Monaco, 'Courier New', monospace; font-size: 12.95px; line-height: 21px; outline: 0px; padding: 10px; text-align: -webkit-auto; vertical-align: baseline; white-space: pre-wrap; word-break: break-all; word-wrap: break-word;">+----+------------+
| cc | unique_ips |
+----+------------+
| US |      69517 |
| IT |      26494 |
| IN |      21302 |
| GB |      19589 |
| DE |      18427 |
| FR |      10454 |
| CN |      10304 |
| ES |      10213 |
| CA |       8924 |
| AU |       8518 |
| MX |       7054 |
| AR |       6078 |
| BR |       6074 |
| JP |       5867 |
| PL |       4916 |
| RU |       4383 |
| HU |       4021 |
| TR |       3884 |
| TH |       2941 |
| CZ |       2134 |
| CL |       2004 |
| GR |       1886 |
| NL |       1733 |
| BE |       1721 |
| PK |       1682 |
+----+------------+

link : <a href="http://www.dcwg.org/top-dns-changer-infections-by-country/" style="text-align: left;">http://www.dcwg.org/top-dns-changer-infections-by-country/</a></pre>

<p>
  As posted on the FBI site, check your PC:
</p>

<div>
  <a href="https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS">https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS</a>&nbsp;
</div>

<div>
  </p> 
  
  <div>
  </div>
  
  <div>
    http://www.dns-ok.us/
  </div>
  
  <div>
    http://www.dns-ok.de/
  </div>
  
  <div>
    http://www.dns-ok.fi/
  </div>
  
  <div>
    http://www.dns-ok.ax/
  </div>
  
  <div>
    http://www.dns-ok.be/
  </div>
  
  <div>
    http://www.dns-ok.fr/
  </div>
  
  <div>
    http://www.dns-ok.ca/
  </div>
  
  <div>
    http://www.dns-ok.lu/
  </div>
  
  <div>
    http://dns-ok.nl/ (Dutch/English, SIDN)
  </div>
  
  <div>
  </div>
  
  <p>
    Get all the related info: <a href="http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf">http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf</a></div> 
    
    <div>
      As posted in detail on the F-Secure blog:
    </div>
    
    <div>
      <a href="http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml">http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml</a>&nbsp;
    </div>
    
    <div>
      <a href="http://www.f-secure.com/v-descs/dnschang.shtml">http://www.f-secure.com/v-descs/dnschang.shtml</a>&nbsp;
    </div>
    
    <div>
    </div>
    
    <div class="separator" style="clear: both; text-align: center;">
      <a href="http://2.bp.blogspot.com/-v5kTpU8s624/T_aOmcDWRVI/AAAAAAAAFec/2YK9TO6EHEQ/s1600/dns_changer.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="http://2.bp.blogspot.com/-v5kTpU8s624/T_aOmcDWRVI/AAAAAAAAFec/2YK9TO6EHEQ/s400/dns_changer.png" width="400" /></a>
    </div>
    
    <p>
    </p>
    
    <div class="separator" style="clear: both; text-align: center;">
      <a href="http://1.bp.blogspot.com/-twbrMBW4KqA/T_aOuPIY3RI/AAAAAAAAFek/P5-N53pDkL8/s1600/dns.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="356" src="http://1.bp.blogspot.com/-twbrMBW4KqA/T_aOuPIY3RI/AAAAAAAAFek/P5-N53pDkL8/s400/dns.png" width="400" /></a>
    </div>
    
    <div>
      Other resources and links:
    </div>
    
    <div>
      <a href="http://news.discovery.com/tech/dns-changer-fbi-warning-july-9-doomsday-120426.html">http://news.discovery.com/tech/dns-changer-fbi-warning-july-9-doomsday-120426.html</a>
    </div></div> </div>
