Malware unleashed on Monday?

SteveLord

Malware may knock thousands off Internet on Monday - Yahoo! News


Someone called me and asked me about this today. I do not recall hearing anything about this and couldn't find it referenced in here or any of my tech sites.

The FBI has a site setup to scan your computer for it. Part of me would rather take my chances with the malware though.

Roguetadhg

If something happens, I'll just nuke it and pave over.

Slowhand

This has been popping up in the news over the last few months. It's an attempt to snuff out a piece of malware that was floating around for a long time that pointed infected machines to a particular set of DNS servers. The FBI took control of the spoofed servers and are going to be shutting them down. Anyone still infected by that malware will no longer be able to find those servers and will have to clean up their machines before being able to access the Internet again.

Basically, expect a call from your Comet-Cursor-loving grandma on Monday in a panic, wondering why her computer isn't working.

Roguetadhg

Hah. Mouse tails!

I remember sitting around watching my computer get dragged mercilessly to the ground with the tail.

MentholMoose

The malware was DNSChanger and as the name implies, it configured infected PCs to use DNS servers controlled by the malware authors. Last year they got busted by the FBI who replaced the DNS servers with good ones, so name resolution would continue to work on infected PCs. So now the problem is the FBI needs to shut down those servers, and a lot of people haven't fixed their PC yet. It is an interesting situation.

F-Secure has an article and poll:
Should the FBI be reauthorized to continue DNSChanger servers? - F-Secure Weblog : News from the Lab

paulgswanson

I love how their answer is when you go to select sites(that agreed to help fix it) it says:
"You are infected Click here to fix"
Isn't that how most of them got screwed up in the first place?

JDMurray

Google has been working to identify the misconfigured hosts to their owners. I haven't seen any updated stats on how many machines are still hitting those DNS addresses. I'll guess that 99.9% of the remaining hosts are home-based client systems and not critical servers.

DNSChanger: Zlob trojan - Wikipedia, the free encyclopedia

DNSChanger victims to lose internet on Monday - The H Security: News and Features

MentholMoose

The F-Secure link has stats from June 11. They say 300,000 machines still use those DNS servers.

tpatt100

LOL Comet Cursor been ages since I have seen that program.

JDMurray

More references:

http://www.fbi.gov/DNS-malware.pdf
https://www.us-cert.gov/reading_room/trojan-recovery.pdf

phoeneous

It would really suck if DNS Changer Check-Up - Clean gets compromised...

phoeneous

phoeneous wrote: »

It would really suck if DNS Changer Check-Up - Clean gets compromised...

And now it's down! Doh!

bigdogz

It is just no longer active. The government cut the deadline on Monday ergo the name Malware Monday.

JDMurray

The last thing Malware/Adware/Spware producers want is people being kicked off the Internet.

Zartanasaurus

I guess anyone who doesn't post today is infected!

JDMurray

Good reader comments:

DNS Changer Trojan Deadline a Non Event - Monday Arrives and The Internet Didn't End | DSLReports.com, ISP Information