Computersnyou

Are you infected with DNS Changer malware? [ security ]

Posted on  7/6/2012

INTRO (source: F-Secure)

DNSChanger is a trojan that will change the infected system’s Domain Name Server (DNS) settings, in order to divert traffic to unsolicited, and potentially illegal sites.
The trojan is usually a small file (about 1.5 kilobytes) that is designed to change the ‘NameServer’ Registry key value to a custom IP address. This IP address is usually encrypted in the body of a trojan. As a result of this change a victim’s computer will contact the newly assigned DNS server to resolve names of different webservers.
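
One way to check for the change described above (an added example, not code from F-Secure or the original post): audit the `NameServer` and `DhcpNameServer` values in `reg query` output against the resolvers your network is supposed to use. The sample output, interface GUIDs, addresses and the `EXPECTED_RESOLVERS` allowlist are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of the output of
# `reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s`;
# the GUIDs and addresses are made up (RFC 1918 / RFC 5737 ranges).
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}
    DhcpNameServer    REG_SZ    192.168.1.1
    NameServer    REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222}
    DhcpNameServer    REG_SZ    192.168.1.1
    NameServer    REG_SZ    203.0.113.53,203.0.113.54
"""

# Assumption: the resolvers this network is expected to use (here, the local router).
EXPECTED_RESOLVERS = [ipaddress.ip_network("192.168.1.0/24")]

VALUE_RE = re.compile(r"^\s+(NameServer|DhcpNameServer)\s+REG_SZ\s*(.*)$")


def audit_dns_settings(reg_output, expected=EXPECTED_RESOLVERS):
    """Return (interface, value_name, address) for every resolver outside `expected`."""
    findings, interface = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            interface = line.rsplit("\\", 1)[-1]  # last key component is the interface GUID
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.groups()
        # The value holds a comma- or space-separated list of addresses; it may be empty.
        for token in filter(None, re.split(r"[,\s]+", data.strip())):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((interface, name, token))  # unparseable entry: review by hand
                continue
            if not any(addr in net for net in expected):
                findings.append((interface, name, token))
    return findings


if __name__ == "__main__":
    for iface, name, addr in audit_dns_settings(SAMPLE_REG_OUTPUT):
        print(f"unexpected resolver {addr} in {name} on {iface}")
```

A statically set `NameServer` takes precedence over the DHCP-supplied value, so an unexpected entry there deserves attention even when `DhcpNameServer` looks normal.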

<pre style="background-color: #f2f2f2; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(222, 222, 222); color: rgba(0, 0, 0, 0.589844); font-family: Menlo, Monaco, 'Courier New', monospace; font-size: 12.95px; line-height: 21px; outline: 0px; padding: 10px; vertical-align: baseline; white-space: pre-wrap; word-break: break-all; word-wrap: break-word;">Top DNS Changer Infections by Country</pre>

<pre style="background-color: #f2f2f2; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(222, 222, 222); color: rgba(0, 0, 0, 0.59375); font-family: Menlo, Monaco, 'Courier New', monospace; font-size: 12.95px; line-height: 21px; outline: 0px; padding: 10px; text-align: -webkit-auto; vertical-align: baseline; white-space: pre-wrap; word-break: break-all; word-wrap: break-word;">+----+------------+
| cc | unique_ips |
+----+------------+
| US |      69517 |
| IT |      26494 |
| IN |      21302 |
| GB |      19589 |
| DE |      18427 |
| FR |      10454 |
| CN |      10304 |
| ES |      10213 |
| CA |       8924 |
| AU |       8518 |
| MX |       7054 |
| AR |       6078 |
| BR |       6074 |
| JP |       5867 |
| PL |       4916 |
| RU |       4383 |
| HU |       4021 |
| TR |       3884 |
| TH |       2941 |
| CZ |       2134 |
| CL |       2004 |
| GR |       1886 |
| NL |       1733 |
| BE |       1721 |
| PK |       1682 |
+----+------------+

Link: <a href="http://www.dcwg.org/top-dns-changer-infections-by-country/" style="text-align: left;">http://www.dcwg.org/top-dns-changer-infections-by-country/</a></pre>

<p>
  As posted on the FBI site, check your PC:
</p>

<div>
  <a href="https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS">https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS</a>&nbsp;
</div>

<div>
  </p> 
  
  <div>
  </div>
  
  <div>
    http://www.dns-ok.us/
  </div>
  
  <div>
    http://www.dns-ok.de/
  </div>
  
  <div>
    http://www.dns-ok.fi/
  </div>
  
  <div>
    http://www.dns-ok.ax/
  </div>
  
  <div>
    http://www.dns-ok.be/
  </div>
  
  <div>
    http://www.dns-ok.fr/
  </div>
  
  <div>
    http://www.dns-ok.ca/
  </div>
  
  <div>
    http://www.dns-ok.lu/
  </div>
  
  <div>
    http://dns-ok.nl/ (Dutch/English, SIDN)
  </div>
  
  <div>
  </div>
  
  <p>
    Get all the related info:&nbsp; <a href="http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf">http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf</a>&nbsp;&nbsp;</div> 
    
    <div>
      As posted in detail on the F-Secure blog:&nbsp;
    </div>
    
    <div>
      <a href="http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml">http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml</a>&nbsp;
    </div>
    
    <div>
      <a href="http://www.f-secure.com/v-descs/dnschang.shtml">http://www.f-secure.com/v-descs/dnschang.shtml</a>&nbsp;
    </div>
    
    <div>
    </div>
    
    <div class="separator" style="clear: both; text-align: center;">
      <a href="http://2.bp.blogspot.com/-v5kTpU8s624/T_aOmcDWRVI/AAAAAAAAFec/2YK9TO6EHEQ/s1600/dns_changer.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="http://2.bp.blogspot.com/-v5kTpU8s624/T_aOmcDWRVI/AAAAAAAAFec/2YK9TO6EHEQ/s400/dns_changer.png" width="400" /></a>
    </div>
    
    <p>
    </p>
    
    <div class="separator" style="clear: both; text-align: center;">
      <a href="http://1.bp.blogspot.com/-twbrMBW4KqA/T_aOuPIY3RI/AAAAAAAAFek/P5-N53pDkL8/s1600/dns.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="356" src="http://1.bp.blogspot.com/-twbrMBW4KqA/T_aOuPIY3RI/AAAAAAAAFek/P5-N53pDkL8/s400/dns.png" width="400" /></a>
    </div>
    
    <div>
      Other resources and links:&nbsp;
    </div>
    
    <div>
      <a href="http://news.discovery.com/tech/dns-changer-fbi-warning-july-9-doomsday-120426.html">http://news.discovery.com/tech/dns-changer-fbi-warning-july-9-doomsday-120426.html</a>
    </div></div> </div>
