[HOBOcs]

I heard this announcment this morning and I am not sure what to make of it.
I will try and find more info and post a follow-up.


Associated Press - Hundreds of thousands may lose Internet in July
By LOLITA C. BALDOR, Associated Press – 21 hours ago
WASHINGTON (AP) — For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org , that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

Full Google Article

[Ent]

Methinks they're doing it wrong. They shouldn't be running the servers to keep people trundling along as though nothing is wrong. They should redirect every single hit to a page explaining that the computer was infected and how to go about resolving it. Then they wouldn't leave everyone in the lurch with no idea what's wrong once they finally pull out.

[Elvandil]

Quote:

Originally Posted by Ent

Methinks they're doing it wrong. They shouldn't be running the servers to keep people trundling along as though nothing is wrong. They should redirect every single hit to a page explaining that the computer was infected and how to go about resolving it. Then they wouldn't leave everyone in the lurch with no idea what's wrong once they finally pull out.

That would work if there were a human looking at every page. But automated systems only go to the sites and no one would be there to see the message.

In any case, their servers have been running for several months now, so too late to change plans. It was a better plan than just taking down the crooks and having all those people lose internet and not know why.

[catlover2]

Quote:

Originally Posted by Ent

Methinks they're doing it wrong. They shouldn't be running the servers to keep people trundling along as though nothing is wrong. They should redirect every single hit to a page explaining that the computer was infected and how to go about resolving it. Then they wouldn't leave everyone in the lurch with no idea what's wrong once they finally pull out.

If my Windows installation was indeed infected and I got redirected to some page that was telling me my computer was infected, I would end up thinking that the page I got redirected to was a scam and a result of the virus. I suppose that this de-infection scheme might be more effective on people less computer-savvy than me, but it would seem rather odd to me.

Just my $0.02

[LadyDragon]

http://www.fbi.gov/news/stories/2011...malware_110911

Operation Ghost Click

For more information: http://www.fbi.gov/news/stories/2007...rspeech_110607

[Ent]

Quote:

Originally Posted by catlover2

If my Windows installation was indeed infected and I got redirected to some page that was telling me my computer was infected, I would end up thinking that the page I got redirected to was a scam and a result of the virus. I suppose that this de-infection scheme might be more effective on people less computer-savvy than me, but it would seem rather odd to me.

Just my $0.02

Of course you would. So would I. But then I'd set about removing the infection, so it still gets the message across. What they want to avoid is people having no idea why "the internet is broken".
I'm just thinking that announcements like this won't reach most of those hundreds of thousands of users, so they'll be left as confused a few months later.

Quote:

Originally Posted by Elvandil

That would work if there were a human looking at every page. But automated systems only go to the sites and no one would be there to see the message.

But most home users don't operate automated web crawlers, and if someone who does still gets an infection then shame on them.

[TechGuy]

I agree. I need to read more about it, but why would they set up a system to hide the problem from infected users? I understand that in doing so they are preventing machines from going to whatever IP the bad guys wanted... but, as Ent said, they should have instead redirected folks to a warning page, not cover up the problem.

[HOBOcs]

This really hit me as strange... is it a hoax or a means to collect other computer data and why haven't we heard more from other tech security sources. Highly suspicious still.

I agree as well that a warning and a redirect to what you can do.

Note: the article here....

http://www.fbi.gov/news/stories/2011...malware_110911

did mention - "Users who believe their computers may be infected should contact a computer professional.". (ok, so I assume we "computer Professionals" need to use our own utilities to seek out and resolve this in the normal fashion )

[Ent]

http://www.pcmag.com/article2/0,2817,2403364,00.asp
http://mashable.com/2012/02/17/fbi-dns-servers/
http://www.dns-ok.us/

Or of course
http://www.google.co.uk/search?q=FBI...ive&as_qdr=all

Actually, on reading into it a bit more it seems that the malware is a rootkit and therefore quite tricky to remove.

[JustJudy]

You can test your IP to see if it's one that is being rerouted:
For more information visit:
- http://www.dcwg.org/
- https://forms.fbi.gov/check-to-see-i...sing-rogue-DNS

Jim I thought the same thing when I first read about it. This has been a known problem for quite some time but why weren't we made aware of it sooner? It does seem highly suspicious.

[HOBOcs]

Quote:

Originally Posted by Ent

http://www.pcmag.com/article2/0,2817,2403364,00.asp
http://mashable.com/2012/02/17/fbi-dns-servers/
http://www.dns-ok.us/

Or of course
http://www.google.co.uk/search?q=FBI...ive&as_qdr=all

Actually, on reading into it a bit more it seems that the malware is a rootkit and therefore quite tricky to remove.

FYI - I'm seeing more of a variant of the Rootkit - "Zero Access" (tough one) lately - which may be related.

[dam123dam]

I checked my computer it seems ok.

[sepala]

More info

http://www.newsplex.com/home/headlines/148955045.html

[sharky]

Does a computer get the Trojan "Alureon.E" that eventually turns into the DNS Changer?

[DoubleHelix]

This is such an infinitesimally small problem that it's hardly worth discussing. Leave it to the US government to blow it totally out of proportion. The number of computers affected isn't even statistically significant.