Infected PCs may lose Internet in July

robert l. bentham
Active Member, joined Nov 16, 2011
I know everybody's gonna hurry right over and have their computer "infected"... I mean, err, "inspected"... ;)
Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions.
The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org, that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.
Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.
Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.
as always... the comments are priceless...
 
Why didn't the FBI just forward all users to an FBI page explaining things? I'm pretty sure users would have got their machines fixed pretty darn quick that way.
 
they should have just said what the virus was :(

Sounds like the search engine redirect scam

Uses the hosts file to redirect IPs to a fake site:
C:\Windows\System32\drivers\etc under the name 'hosts'

They enter redirect IPs for Google, Yahoo, Bing, ... so searches end up on their fake site.

An unmodified HOSTS file should only contain the IP address 127.0.0.1 localhost.

A hijacked hosts file will have IPs and domain names entered for a list of search engines.
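As a concrete check for the hosts-file hijack described above, here is an added example (not code from this thread or any of its posters) that parses a Windows-style hosts file and flags any watched search-engine domain mapped to anything other than a loopback address. The sample hosts content, the TEST-NET addresses in it and the WATCHED_DOMAINS list are constructed for the example.

```python
"""Check a Windows-style hosts file for search-engine redirections
(added example, not from the thread).

Hosts-file syntax handled: one address followed by one or more hostnames,
'#' comments (whole-line or trailing), blank lines, IPv4 or IPv6.
"""
import ipaddress
from typing import Dict, List, Tuple

# Search-engine domains the hijack described in the post targets; the
# list is a constructed starting point, extend it as needed.
WATCHED_DOMAINS = ("google.com", "yahoo.com", "bing.com")


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (address, hostname, line_number) for every mapping in the file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split()
        address, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue                             # malformed line, skip it
        for name in names:
            entries.append((address, name.lower().rstrip("."), lineno))
    return entries


def is_watched(hostname: str) -> bool:
    """True for a watched domain or any of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text: str) -> List[Dict]:
    """Flag watched hostnames mapped to anything other than loopback.
    An unmodified file maps only localhost, so any hit is worth a look."""
    findings = []
    for address, name, lineno in parse_hosts(text):
        if is_watched(name) and not ipaddress.ip_address(address).is_loopback:
            findings.append({"line": lineno, "host": name, "ip": address})
    return findings


# Constructed sample: the two default lines plus hijack entries that use
# TEST-NET addresses (203.0.113.0/24) standing in for the attacker's host.
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
# constructed hijack entries below
203.0.113.7     www.google.com google.com
203.0.113.7     search.yahoo.com
203.0.113.8     www.bing.com    # search redirect
127.0.0.1       ads.example.test
"""


if __name__ == "__main__":
    # On a live Windows machine, read the real file instead:
    # open(r"C:\Windows\System32\drivers\etc\hosts").read()
    for finding in find_hijacks(SAMPLE_HOSTS):
        print(f"line {finding['line']}: {finding['host']} -> {finding['ip']}")
```

The loopback mapping of ads.example.test in the sample is deliberately not flagged: blocking a domain by pointing it at 127.0.0.1 is a common legitimate use of the file, so only non-loopback mappings of the watched domains count as a finding.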
 
they should have just said what the virus was :(

Sounds like the search engine redirect scam

Uses the hosts file to redirect IPs to a fake site:
C:\Windows\System32\drivers\etc under the name 'hosts'

They enter redirect IPs for Google, Yahoo, Bing, ... so searches end up on their fake site.

An unmodified HOSTS file should only contain the IP address 127.0.0.1 localhost.

A hijacked hosts file will have IPs and domain names entered for a list of search engines.

It's not, though. This is an actual change to the DNS server your PC looks to for resolution. And indeed, that is the point. They are shutting down those DNS servers that the infected PCs are using for resolution. Any PCs left pointing to that DNS after deadline will suddenly lose DNS resolution, and every single site will come back as unavailable.

Also, beware, there is a new generation of DNS trojan out there that this article fails to mention. It actually transparently substitutes a poisoned IP address from what looks like a valid lookup.

For example, say my real DNS server is 1.2.3.4. I run nslookup. My PC confirms:
Default Server: dns.mydomain.com
Address: 1.2.3.4

HOSTS file is empty, and all looks good, right? Throw in a normal query, and you get the proper response for its address. But, throw in a request for www.google.com, and BINGO! A poisoned response is returned pretending to be the non-authoritative answer from 1.2.3.4. PC shows no other outward signs of problems. Any virus check from within the infected system comes back negative. Cause is a rootkit, and this particular variant hides in an infected acpi.sys. Cute, huh? I just pulled that one off two of my sales guys' PCs. We probably wouldn't have caught it at all, except our firewall blocked the incorrect DNS lookup, so instead of returning a poisoned result, it returned a TIMED OUT result. Yay for good firewall rules!
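The selective poisoning the post describes (correct answers for most names, a substituted address for a few) is best caught by comparing answers per name between the resolver the machine actually uses and an independent reference, with a lookup that times out (the firewall case in the post) reported separately. The following is an added example, not code from the thread or its poster; the hostnames, TEST-NET addresses and the two stand-in resolver functions are constructed so the demo runs offline, and on a live host you would pass system_lookup as the configured resolver.

```python
"""Cross-check DNS answers from the configured resolver against a
reference resolver (added example, not from the thread).

The rootkit variant described in the post answers most names correctly
and substitutes a poisoned address only for selected names, so the check
has to be per name: ask the resolver the machine actually uses, ask an
independent reference, and flag any answer the reference did not give.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Set

Lookup = Callable[[str], Set[str]]   # hostname -> set of IPv4 strings


def system_lookup(name: str) -> Set[str]:
    """Resolve via the OS resolver, i.e. the path a DNS-hooking rootkit sits on.
    Not used by the offline demo below; pass it as `configured` on a live host."""
    return set(socket.gethostbyname_ex(name)[2])


def compare_resolvers(names: List[str], configured: Lookup, reference: Lookup) -> List[Dict]:
    """Return one finding per name: 'ok', 'mismatch', or 'error' (e.g. a
    firewall dropping the lookup, which surfaces as a timeout as in the post)."""
    findings = []
    for name in names:
        try:
            got = configured(name)
        except OSError as exc:            # socket.gaierror and TimeoutError are OSErrors
            findings.append({"name": name, "status": "error", "detail": str(exc)})
            continue
        expected = reference(name)
        # Loopback or 0.0.0.0 for a public hostname is bogus regardless of
        # what the reference says; anything else is judged against the reference.
        bogus = sorted(ip for ip in got
                       if ipaddress.ip_address(ip).is_loopback
                       or ipaddress.ip_address(ip).is_unspecified)
        unexpected = sorted(got - expected)
        if bogus or unexpected:
            findings.append({"name": name, "status": "mismatch",
                             "got": sorted(got), "expected": sorted(expected),
                             "bogus": bogus, "unexpected": unexpected})
        else:
            findings.append({"name": name, "status": "ok"})
    return findings


# --- constructed offline demo (TEST-NET addresses, invented hostnames) ---
CONSTRUCTED_REFERENCE: Dict[str, Set[str]] = {
    "www.example.test": {"198.51.100.10"},
    "search.example.test": {"198.51.100.20", "198.51.100.21"},
    "www.google.com": {"198.51.100.30"},
}
# The hooked resolver agrees everywhere except the one name it targets.
CONSTRUCTED_POISONED = dict(CONSTRUCTED_REFERENCE)
CONSTRUCTED_POISONED["www.google.com"] = {"203.0.113.66"}


def reference_lookup(name: str) -> Set[str]:
    return set(CONSTRUCTED_REFERENCE.get(name, set()))


def poisoned_lookup(name: str) -> Set[str]:
    if name == "blocked.example.test":
        raise TimeoutError("DNS request timed out")   # firewall dropped it
    if name not in CONSTRUCTED_POISONED:
        raise socket.gaierror("Name or service not known")
    return set(CONSTRUCTED_POISONED[name])


DEMO_NAMES = ["www.example.test", "search.example.test",
              "www.google.com", "blocked.example.test"]


def run_demo() -> List[Dict]:
    return compare_resolvers(DEMO_NAMES, poisoned_lookup, reference_lookup)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

One caveat for live use: large sites answer from geo-distributed pools, so a reference resolver in another network can legitimately return different addresses. Run the reference from the same network (the firewall's own resolver, for instance) or treat a 'mismatch' as a prompt to investigate rather than as proof, whereas a loopback answer or a timeout for a well-known public name is a clear signal either way.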
 
None immune but no major problems with any, afaik.

There's plenty of major problems for them. (OSX flashback just tore through Macs, the infected OpenSSH builds made Linux a while back, AmigaOS and Morph don't really handle any security, at all, just being single-user OS.) None of the problems are nearly as widespread, because they don't have the market share. If anything, though, that makes those platforms more dangerous, as infection is much less likely to be spotted.
 
no, but mine is just more unlikely
That's what many iMac owners used to think: Flashback Trojan Still on 140,000 Computers

Considering less than half of Mac owners use anti-virus software, this is likely to be the next big thing in malware trends.

Linux is not bulletproof. All those Android unlockers exploit bugs in the Linux kernel, and there's no shortage of them. Nothing is secure; the best you can do is to be a moving target. In other words, keep your software current.
 
just had a kernel update a few minutes ago :D
 
There's plenty of major problems for them. (OSX flashback just tore through Macs, the infected OpenSSH builds made Linux a while back, AmigaOS and Morph don't really handle any security, at all, just being single-user OS.)

Well, your definition of major differs from mine.
I've been using OSX daily for ten years, only ever had one bit of malware. And it was relatively harmless.
My current install of win7 aside (which, to be fair, has been clean since I installed it) every Windows PC I've owned has had to be cleaned of crap regularly.

Amiga never had a thing, nor did MOS.

None of the problems are nearly as widespread, because they don't have the market share.

Which was part of my point.

If anything, though, that makes those platforms more dangerous, as infection is much less likely to be spotted.

Perhaps but I'll take a decade of no problems over a regular cleaning ritual, every time, thank you very much.

-EDIT-

I should point out that I appreciate the lack of security and also that it's probably only a matter of time before OSX is riddled with the pox. Nonetheless, up until now it has not been a major problem.
 
The first time I ever encountered a computer virus was on my Amiga. In fact, I probably had more Amiga infections than I have on the PC. But I haven't had many infections on my PC, although I've spent days worth of man-hours cleaning viruses off my friend's machines. Luckily I've drilled it into the wife's head that opening attachments from people you don't know IS NOT ALLOWED!!!! ;)
 
Yes, I remember getting quite worried about viruses on the Amiga and running virus checkers and the like but never encountered one.
Nevertheless, I was always aware of the lack of security.
I remember Matt Sealey (some of you guys may also remember him) from AFB demonstrating how easy it was to infiltrate Amigas via YAM (I think - memory's a bit hazy) and managing to ruffle a few feathers at the same time.
</wipes nostalgic tear from eye>
I wilfully took part in that experiment but was lucky enough never to encounter a genuinely malicious virus or trojan.
Then again, my miggys were rarely online and I quickly settled down to a handful of applications and stuck with them.
 
Well, your definition of major differs from mine.

Well, it probably does. While I won't disagree that the absolute odds of a poorly trained user getting a Windows PC compromised are greater than the odds of the same poorly trained user managing to infect a Mac or Linux box... The worst infection is the one you don't know about. The fact of the matter is, the detection, analysis, and removal tools on Windows are years ahead of that on any other platform.

And, as for high-end targeted exploits... yikes. Exploited *nix boxes can live for years with no one noticing the little bug... That's very rare for Windows. Everyone uses it, and things that are amiss get noticed pretty quickly.

Perhaps but I'll take a decade of no problems over a regular cleaning ritual, every time, thank you very much.

There shouldn't be a "cleaning ritual." When an exploit occurs, it needs to be detected quickly, and dealt with promptly and harshly. If, like many people, you care so little about security that you just let everything go until a certain time you "clean up".... Then you're going to be a menace to any system you use.

Yes, I remember getting quite worried about viruses on the Amiga and running virus checkers and the like but never encountered one.

I ran into Lamer Exterminator, Saddam, and a few billion others that I don't remember, anymore. (I remember LE and Saddam because they were the most common on BBS around me.) Both cost me quite a few hours of scanning floppies. (Lamer Exterminator was before I ran virus checking and Saddam hit as a 0-day and no one knew what the hell it was for a couple weeks...) Ah, the fun times before the World Wide Web...

I remember Matt Sealey (some of you guys may also remember him) from AFB demonstrating how easy it was to infiltrate Amigas via YAM (I think - memory's a bit hazy) and managing to ruffle a few feathers at the same time.

Yeah.... Amiga/MOS are trivially easy to take over, as there is no security model, at all. Everything is administrator, so every exploit is a root exploit. Hell, you usually don't even need an exploit, as there's no security or authentication on the ARexx port, either. Absolutely any application is allowed to throw a command down the ARexx port of any other application. I'm quite sure there are easily exploitable holes in every software package out there. AmIRC, iBrowse, etc, all have them. Amigas were never intended to be hooked to a public network. That sort of thing just didn't happen back then. There is no security, whatsoever. It's just not part of the OS model. Just no one cares, because no one except the fringe use them.
 
There shouldn't be a "cleaning ritual."

Perhaps not, but I found that a once-a-week check served me better than having stuff running in the background, especially on lower-end hardware. Constantly running virus checkers were a system drag. At least the ones I used to use. I could get a lot more work done by running an open system, then checking it at the end of the week.

If, like many people, you care so little about security that you just let everything go until a certain time you "clean up".... Then you're going to be a menace to any system you use.

I can cope with that. I've been a menace to my systems for decades. :p

Just no one cares, because no one except the fringe use them.

Indeed, and this was one of the reasons so little happened on OSX but it's become more popular over the last few years so I guess those days are over.

The point I was really trying to make is that, using Windows, security has always been a concern.
On the other hand, for the last decade I've been able to use my main computer without giving much thought to security.
It simply hasn't been a remotely comparable issue. And it was nice not having to care.
 
On the other hand, for the last decade I've been able to use my main computer without giving much thought to security.
Ya, that's the interesting bit. Security is more about social engineering than technology. Windows users are almost at the point of being paranoid, and I've heard many say "Maybe I should get an iMac" for no other reason than fear of getting a computer virus. But being aware of it and taking precautions is where the real security takes place and on that level Windows users are probably more aware than iMac users.

Which makes me kinda wonder, if the iMacs start being targeted in large numbers, will that actually get people moving back to Windows? I guess it all depends on how much of a factor security was when people decided to buy an iMac.
 
if the iMacs start being targeted in large numbers, will that actually get people moving back to Windows? I guess it all depends on how much of a factor security was when people decided to buy an iMac.

Probably. I moved from Amiga to Mac as audio software on the Amiga just couldn't compete anymore and Logic, which was my favourite of the bunch I tried, was only available on OSX. All the security stuff was just a by-product.

I could just as easily have switched to Windows or Linux, had the audio software available for either grabbed me the way Logic did. In hindsight, I'm glad it didn't from the security point of view, given that I've had a decade of not having to bother my arse about it. :D
 