Possible Computer LAN threat

Discussion in 'Computer Corner' started by R_W_B, Apr 24, 2012.

  1. R_W_B

    R_W_B Senior Member

    Possible Computer LAN threat
    (04-24-2012) Thought you guys might want a heads up on this. This affects both PCs and Macs (Linux or its various reincarnations are not affected).

    One of the latest criminal threats causing possible issues now is a software infection (rootkit etc.) of DNS redirection (changing). Once the LAN node and hence system is infected, the criminal code can reconfigure the DNS redirection to criminal data gathering sites. The security software folks (and the FBI) are aware of this, so make sure you have your recent updates on your security software packages, but the fix as I understand it is not an across-the-board success yet and has to be dealt with on an individual basis due to configuration variances of different LAN systems.

    In brief reality, this is not a "new" threat. Recorded occurrences of this started as far back as 2007 when a group of Estonia-based individuals (northern Europe bordering Russia) implemented a Bot-Net ring of DNS redirecting to reap fraudulent payment from users via internet ads.

    This particular ring of individuals has since been caught by the FBI with the help of Estonian officials. They seized control of the fraudulent DN servers but did not shut them down, since it would render countless infectees "serviceless" with no internet access or email until they got their LAN router systems re-configured and set up.

    So the FBI decided to give notice that it would wait until July 9th 2012 to shut these rogue servers down (since there is a cost involved in running them) to give infected users (and businesses) time to eliminate the infection prior to a total failure of large numbers of infectees.

    Additionally, one can safely assume there are likely other entities involved in this same activity across the globe and could be going after more than Bot Ads collection.

    A Domain Name Server (DNS) provides a "name lookup" service that matches the web name you type in on your browser address bar to an actual internet numerical address in its lookup tables. Without DNS providers we would have to type in numerical addresses to each site we want to visit. Since providing this service requires equipment, programming setup and maintenance, it is not free but usually supplied by your ISP provider (your cable or dial-up service).

    However, there are folks providing (redirecting to) free, "criminal" DNS providers to control web browsing and/or redirect users to fraudulent (fake) websites set up to look like the real site of your bank or online order site, so as to collect (by unaware user input) private data that can be used by criminals in stolen ID information related theft. (Steal from you.)

    You can check for infection at:
    DNS Changer Check-Up - Clean

    No scan is necessary; it simply compares your DNS trail to a known list of rogue DNS providers. You can also find more information on this subject by doing Google lookups.
  2. softail41

    softail41 Active Member

    Thanks for the heads up!
  3. geoff

    geoff Member

    Thanks for that one, great link.