SASS Wire Forum

FBI Warns Computer Users


Cypress Sun


I saw this in the newspaper this morning. The following is a link to the same story, albeit from a different source: Computer virus story

 

The claim is that the infected computers will cease to have access to the internet after July 9th unless they get a "fix" at their "security" provider... Sounds kind of fishy to me.

 

CS

Link to comment
Share on other sites

Why can't they tell McAfee/Norton etc.?

Or is this a mass attempt to INSTALL, not cure, a new government-sponsored snooper virus that DOJ has to monitor our private communications?

Or is my paranoia showing?

No not me.

Link to comment
Share on other sites

I guess I'll wait till July 9th and buy a new computer. :lol::unsure:

Link to comment
Share on other sites

Why not just change the date on your computer to say Feb 5, 2011 and then wait to see if everyone else loses their internet access? If they do, you can then download "Big Brother's" fix. If they don't, then just keep motoring on. Your computer does not know what date it really is. It only knows what date you tell it it is. There is no mechanism on the internet to change the date on your computer. Don't believe me? Change the date right now and then check it again tomorrow and see if it corrected itself. That, of course, is assuming that the malware is set to activate on July 9. If it is that the "protective net" that the FBI set up will stop operating on that date, then changing the date will not help. Yes, malware can be set to activate months after the introduction into the computer.

Link to comment
Share on other sites

Bugs, not quite true. There are what are known as date/time servers. But they are servers. This means that your PC needs to initiate the conversation.

I.e., your PC must contact a date/time server. That is the part that Windows is missing.

There are UDP- and TCP-based date/time servers: you send your time in a format and they send their time back to you in a format.

That permits you to compute the round trip time. So you can get accurate time.

Link to comment
Share on other sites
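The time-server exchange described in the post above, sketched as an added example (not part of the original thread): both sides of an SNTP-style request and reply using the standard 48-byte NTP packet layout, with the round-trip delay and clock offset computed from the four timestamps. The reply is constructed in-process so the code runs offline; the function names and sample times are assumptions made for illustration.

```python
import struct

NTP_DELTA = 2208988800  # seconds between the NTP epoch (1900) and the Unix epoch (1970)

def to_ntp(unix_ts):
    """Encode a Unix time as a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_ts)
    return struct.pack("!II", whole + NTP_DELTA, int((unix_ts - whole) * 2**32))

def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_DELTA + frac / 2**32

def build_request(t1):
    """Client packet: LI=0, VN=4, Mode=3 (0x23); transmit timestamp t1 in bytes 40..47."""
    return bytes([0x23]) + bytes(39) + to_ntp(t1)

def build_reply(request, t2, t3):
    """Constructed server side: Mode=4, stratum 2, echoes the client's transmit
    timestamp as 'origin', then adds its receive (t2) and transmit (t3) times."""
    header = bytes([0x24, 2]) + bytes(22)  # 24 bytes precede the origin timestamp
    return header + request[40:48] + to_ntp(t2) + to_ntp(t3)

def parse_reply(reply, request, t4):
    """Return (offset, delay) in seconds; t4 is the client clock when the reply arrived."""
    if len(reply) < 48:
        raise ValueError("short packet")
    if reply[0] & 0x07 != 4:
        raise ValueError("not a server-mode reply")
    # The origin field must echo what we sent, otherwise the reply does not
    # belong to this request (stale, replayed or forged packet).
    if reply[24:32] != request[40:48]:
        raise ValueError("origin timestamp does not match request")
    t1, t2, t3 = (from_ntp(reply[i:i + 8]) for i in (24, 32, 40))
    delay = (t4 - t1) - (t3 - t2)          # time on the wire, both directions
    offset = ((t2 - t1) + (t3 - t4)) / 2   # how far the client clock is off
    return offset, delay

if __name__ == "__main__":
    T1 = 1341792000.0  # constructed: client clock is 100 s behind the server
    req = build_request(T1)
    rep = build_reply(req, T1 + 100.25, T1 + 100.5)
    print(parse_reply(rep, req, T1 + 0.75))
```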

I'm a DBA by day. With my limited knowledge of servers, the PC Magazine article outlines a test and a fix for you, without dealing with big brother.

 

"The good news is that fixing DNSChanger is pretty easy. PCMag's Fahmida Y. Rashid explained how to go about identifying and removing the malware from your computer last month.

How to Save Your Connection"

 

**********************************************************************************************************

"While the DNS Changer Working Group has provided step-by-step instructions for Windows XP, Mac OS X, and Windows 7 machines to check for an infection, a number of services and tools have popped up to make detection a fairly straightforward process.

 

The DNSChanger Eye Chart is one such tool. If the user on an infected computer goes to the site, the image on the page is displayed with a red background. If the machine is clean, the image has a green background. The eye chart will also show a red image if the home router is infected, even if the computer itself is clean.

 

Avira released a free tool for Windows systems that detects whether the computer is configured to use one of the temporary DNS servers. Despite the name, however, the Avira DNS Repair Tool is just a diagnostic tool and won't be able to remove the Trojan if it exists.

 

The FBI also has a lookup form on its website. The user can type in the IP address of the DNS server configured on the machine to find out if it is one of the malicious ones identified by law enforcement authorities.

 

Removing DNSChanger

Once the infection has been found, the next step is to remove it. Because DNSChanger is a rootkit, removing it is not as simple as running an antivirus. One option is to reinstall the operating system and start over from scratch. Kaspersky Lab offers TDSSKiller, a rootkit removal tool, which can also detect DNSChanger and remove it from infected systems.

 

Some ISPs, such as Comcast, are offering $100+ services to remove the infection for their customers. Concerned users should reach out to their ISPs for similar services.

 

The government does not expect average users to clean up their systems, however.

 

"Users who believe their computers may be infected should contact a computer professional," to remove the Trojan, the FBI recommended in its working paper. If you discover that your system is among the nearly half a million infected systems and doubt your own ability to clean it up, DCWG has links to organizations that can help with DNSChanger removal on its website."

**********************************************************************************************************

 

Sounds to me like your first step is to run one of the detection programs listed in the article to determine if you have the virus. If you do, take measures like outlined above to eradicate it. Go to the article in the PC Mag fix for active links.

 

I'm fairly certain I don't have it but I'll get my Mac checked to be sure, then I'll use one of the online solutions to fix it. No need for Big Brother......

 

I'm clean so no worries about the virus.

Link to comment
Share on other sites
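The check that the quoted article's lookup form and diagnostic tools perform, comparing the machine's configured DNS server against a list of known-bad ranges, can also be done locally. The following is an added example, not code from the thread, PCMag, the FBI or the DCWG: the ranges in `ROGUE_RANGES` are documentation-space placeholders to be replaced with the published list, and the sample resolver file is constructed. It also marks resolvers that are only local forwarders, since, as the article notes for the eye chart, an infected home router can hide behind a clean-looking computer.

```python
import ipaddress

# PLACEHOLDER ranges from documentation address space (RFC 5737 / RFC 3849).
# They are NOT the real rogue-server list; substitute the published ranges.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.64/26", "2001:db8:bad::/48")]

# Constructed sample in resolv.conf format, not taken from a real machine.
SAMPLE = """\
# generated by dhclient
nameserver 192.0.2.53
nameserver 192.168.1.1   # home router
nameserver 8.8.8.8
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return resolver addresses from resolv.conf-style text, skipping
    comments and entries that are not valid IP addresses."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id if present
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue
    return servers

def classify(servers, ranges=ROGUE_RANGES):
    """Label each resolver: 'rogue' if it falls in a listed range, 'forwarder'
    if it is a private/loopback address (the router's or stub resolver's own
    upstream DNS setting must be checked as well), else 'ok'."""
    report = []
    for ip in servers:
        if any(ip.version == net.version and ip in net for net in ranges):
            status = "rogue"
        elif ip.is_private or ip.is_loopback or ip.is_link_local:
            status = "forwarder"
        else:
            status = "ok"
        report.append((str(ip), status))
    return report

if __name__ == "__main__":
    for addr, status in classify(parse_nameservers(SAMPLE)):
        print(f"{addr:<16} {status}")
```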

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Fairly small number; I'll take my chances.

Link to comment
Share on other sites

I have already run the detection program and it showed me as clean. I may run it again later just to be on the safe side.

 

I ran the detection program yesterday and it said that I was O.K. Today I am trying to access the same site that I went to yesterday and I get an error message that the security certificate for that site has expired. It also times out and tells me that the page could not be found. What's up with this? Are we all being spoofed here, or have the hackers found a really good way to get us to go to them? Has anyone actually asked the F.B.I. if this is for real?

Link to comment
Share on other sites

I've had no problem getting back to the detection program again today and I get the same result as I did yesterday. No warnings about expired certificates or any other problems, either.

Link to comment
Share on other sites

I received an "E" from my high speed internet provider yesterday. Today I read the same information in the local newspaper. I keyed the link and found Norton Power Eraser listed under free service. I use Norton for PC security so I downloaded it. Norton immediately popped up indicating the download was safe. I then followed up on the "eraser" prompts, and it took two computer shutdowns and about ten minutes of time to show me clean, and it fixed two other items. Ignore the notices or wait as you wish. I am convinced that this is a legitimate, possible problem, warning and solution - for free.

Link to comment
Share on other sites

I'm sure that I'm not the only one that has considered that the "fix" could be something besides that, using a facade page or link.

TT

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
