Alureon, a DNSChanger malware that redirects web surfers away from trusted websites to spoofed websites, is now threatening to black out over a quarter-million computers from the Internet on Monday (July 9).
Please don't panic! Tech Strip is here to help you understand the malware and the ways to detect and remove it if your system is infected.
What is a DNSChanger?
DNSChanger is a Trojan horse malware with many variants. It changes an infected computer's DNS settings to point to rogue, bad guy-controlled servers. These then show you ads that look real, but aren't. Basically, it redirects your legitimate Web surfing to malicious Web sites that then attempt to steal personal information and generate illegitimate ad revenue.
What does DNSChanger do?
DNSChanger changes your Domain Name System settings without your permission. This is bad because DNS is basically the Internet's phone book crossed with a map. DNS links a URL, such as CNET.com, to an IP address. (An IPv4 address would be something like 192.1.56.10, while an IPv6 address would look like 1050:0:0:0:5:600:300c:326b.) DNSChanger changes that and redirects search results and URLs to malicious sites that are designed either to serve you ads for malicious sites or to illegitimately collect your login information.
How much money did DNSChanger make?
From the time it was discovered around 2007 until six Estonian scammers were caught in November 2011, DNSChanger scored them upwards of $14 million, reportedly.
If the bad guys have been caught already, why does DNSChanger still affect people?
Simply put, the malware was exceedingly effective and infected hundreds of thousands of computers. Prior to the bad guys being arrested, the Federal Bureau of Investigation and German Federal Office for Information Security created a redirect of the redirect, so that many people infected by DNSChanger would still go to the legitimate Web sites that they intended to visit.
After the arrests, the two governments agreed to keep the rogue DNS servers running until March. Then they learned that there were still around 450,000 active DNSChanger infections, and so the servers got a reprieve until Monday, July 9.
If your computer's been infected and you haven't fixed it by July 8, your Monday morning will be even worse than normal.
So the Facebook alerts and Google warnings about DNSChanger were legit?
Yep. And around 330,000 people were still infected with DNSChanger as of the end of May, with about 77,000 of those in the U.S.
Google's warning that appeared at the top of search results.
How can I tell if I'm infected?
If you're in the United States, go to dns-ok.us or its parent site. For computers based outside of the U.S., click on DNSChanger Working Group and you'll see an image with a green background if you're clean. A red background means you're infected.
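A local version of this check, as an added example that is not part of the original article: it reads the DNS servers a machine is configured to use (from resolv.conf content or `ipconfig /all` output) and flags any that fall inside a list of rogue ranges. The ranges below are placeholders from the reserved documentation blocks, not the real rogue server ranges, and the function names and sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation blocks), NOT the real rogue
# server ranges. Replace them with the list published by the DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_dns_servers(text):
    """Return resolver IPs found in resolv.conf content or `ipconfig /all` output."""
    servers, in_dns_block = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("#", ";")):
            continue  # resolv.conf comment
        if stripped.lower().startswith("nameserver"):
            found, in_dns_block = IPV4.findall(stripped), False
        elif stripped.startswith("DNS Servers"):
            found, in_dns_block = IPV4.findall(stripped.split(":", 1)[-1]), True
        elif in_dns_block and stripped and ":" not in stripped:
            found = IPV4.findall(stripped)  # Windows continuation line
        else:
            found, in_dns_block = [], False
        for candidate in found:
            try:
                servers.append(ipaddress.ip_address(candidate))
            except ValueError:
                pass  # looks like an IP but is not one, e.g. 999.1.1.1
    return servers

def rogue_servers(text, ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside any listed range."""
    return [str(ip) for ip in extract_dns_servers(text)
            if any(ip in net for net in ranges)]

# Constructed sample inputs, not taken from a real machine.
SAMPLE_RESOLV_CONF = """# constructed example
nameserver 192.0.2.53
nameserver 8.8.8.8
"""
SAMPLE_IPCONFIG = """   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 10.0.0.1
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, sample in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        hits = rogue_servers(sample)
        print(name, "ROGUE DNS:" if hits else "clean", *hits)
```

On a real machine, pass in the contents of `/etc/resolv.conf` or the saved output of `ipconfig /all` instead of the samples.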
Help! My computer's infected with DNSChanger. How can I fix it?
The DCWG has a list of free tools to download and instructions on how to clean a computer infected with DNSChanger.
How can I avoid malware like DNSChanger in the future?
Security suites aren't perfect, but they will protect you from the vast majority of threats out there, including DNSChanger. Whether you're on Windows or Mac, Android or iOS, you really ought to have some kind of security program installed. And always double-check the URL before entering personal information into any kind of online text field or form, no matter what operating system or device you're using.