By Bill Pytlovany
FBI Has Good Guys but Your Time is Limited
There have been a number of articles about what we all call the DNS Changer infection. PC World recently estimated 350,000 systems are still affected and on July 9th will no longer have internet access. It’s rare that we credit government agencies for doing good and few authors have given our justice dept credit for how they handled this malware. If not for a decision by this agency millions of infected computers would have suddenly lost their internet last year with no warning.
Last year the FBI went after a criminal group that had infected computers around the world leaving what’s typically called a “bot”. The virus creating the bot gave multiple criminal groups complete control over the infected computers. One of the many changes they made was to the computers “DNS look up address”. This is the location your browser goes first to find the numeric address of a website. When you type in “www.WinPatrol.com”, a legitimate DNS server will direct your browser to my server address, 22.214.171.124. The default setting will take you to a DNS look-up server managed by the company who provides you with Internet access.
If you were infected by the DNS Changer last year your browser would often redirect you to fake websites. These websites may just contain advertising or be duplicates of the original setup so they can steal your password or credit card data. In many cases, the sites encouraged you to download software that would not only steal additional information it would often require you to pay a fee to have it removed. Instead of downloading WinPatrol like you expected you’d get what we called ExtortionWare or ScareWare. Even if you paid the extortion they wouldn’t help and you’d find important documents still encrypted.
This post is excerpted with Bill’s permission from his blog