Globe advises broadband subscribers to avert Malware attack
Globe is advising its broadband service subscribers to immediately check and protect their computers and devices from a vicious piece of malware which, once it infects a computer, redirects users to fraudulent web sites and will prevent them from going online on Monday, July 9.
The malware is known as DNS Changer. According to the US FBI, infected computers redirect unsuspecting users to bogus web sites or interfere with their web browsing. Hackers responsible for the malware are able to retrieve personal information and passwords.
According to US authorities, about 250,000 computers—both with Mac and Windows operating systems—are already infected with this malware, and more worldwide are expected to be affected.
As a security measure, infected computers may not be able to surf the internet or access the web starting 12:01 am on Monday, July 9, so that they are isolated and cannot infect other computers.
We strongly urge our broadband subscribers to take the necessary steps to check their computers as soon as possible before July 9. If infected, they should remove the virus from their computers immediately.
DNS CHANGER MALWARE FAQs:
1. What is the DNSChanger malware and what does it do?
DNSChanger malware is classified as a computer Trojan (a Trojan is similar to a virus, except that it does not replicate itself; it appears legitimate but performs some illicit activity on the computer system when it is run, or can allow somebody at a remote site to take control of the computer).
When a computer is infected by DNSChanger, the malware changes the computer’s Domain Name Server (DNS) settings, replacing the good DNS servers provided by the ISP with rogue DNS servers operated by the DNSChanger author or criminal. This diverts traffic to unsolicited and potentially fake/illegal sites in order to steal personal information (such as user names, passwords and credit card numbers). Viruses and Trojans have been infecting computers almost as long as computers have been used in businesses. Some are relatively harmless, while others bring systems down. The DNSChanger Trojan was malicious enough to force the FBI to step in (see attached FBI info about DNSChanger).
For infected users, this could mean that their Internet won’t work after July 9.
2. Why is it July 9?
In November 2011, in “Operation Ghost Click” (Reference 3), the FBI successfully shut down the DNSChanger botnet. To keep infected computers from losing their Internet connection immediately, a court order authorized the FBI to set up a number of temporary DNS servers that would maintain DNS service for the victims, giving them 120 days to solve the issue. This order expires on July 9, 2012.
If the FBI decides to close these temporary DNS servers as scheduled, several millions of DNSChanger bots worldwide would not be able to connect to the Internet. To properly handle this problem, we must help the victims clean up the malware as soon as possible.
More information can be found here: http://www.dcwg.org/
3. Which gadgets are vulnerable?
DNSChanger targets Windows PCs as well as other platforms, including Mac OS and home routers; mobile devices may also be affected.
4. How does it affect customers and how does one know if his PC or gadget has been infected?
To figure out whether you’ve been infected with DNSChanger, just visit www.dns-ok.ca. This website checks your computer settings to see if it’s infected with DNSChanger. If the screen is green, you’re not affected. If the screen is red, your computer is infected with the DNS Changer malware. Perform this check on all the computers/laptops within your household.
Please note: if a computer is infected, the malware must be removed by July 9th, 2012, in order to avoid disruption of Internet service.
5. What can be done to prevent it?
You can be protected from DNSChanger infection if you are using the latest anti-virus/anti-malware software. Most commercial-grade anti-virus software (like McAfee, Symantec, Trend-Micro, F-Secure, etc.) can detect and remove the DNSChanger Trojan.
MANUAL CHECKS AND FIXES
MANUAL CHECKING/DETECTION
Windows
1. Click Start
2. Open the Command Window
■(For Windows 7) Type cmd at the search bar
■(For Windows XP) Click Run, then type cmd at the bar
3. Type ipconfig /all
4. Search for the DNS Servers section
Mac OS X
1. Click the Apple icon at the top left of the screen
2. Select System Preferences
3. Locate the “Network” icon
4. Read the “DNS Server” line
Ensure that the DNS Servers are not within the following ranges of Internet Protocol (IP) addresses:
■85.255.112.0 through 85.255.127.255
■67.210.0.0 through 67.210.15.255
■93.188.160.0 through 93.188.167.255
■77.67.83.0 through 77.67.83.255
■213.109.64.0 through 213.109.79.255
■64.28.176.0 through 64.28.191.255
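The range check above can be automated. The following is an added example, not part of the advisory: it parses English-language `ipconfig /all` output and flags any DNS server inside the listed ranges. The function names are hypothetical and the sample output is constructed.

```python
import ipaddress
import re

# Rogue DNS ranges from the advisory above, as (first, last) address pairs.
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"), ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"), ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"), ("64.28.176.0", "64.28.191.255"),
]
ROGUE_NETS = [net for first, last in ROGUE_RANGES
              for net in ipaddress.summarize_address_range(
                  ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
LABEL = re.compile(r"\.\s*:")  # matches "Some Setting . . . . : value" lines

def is_rogue(ip):
    """True if ip parses as IPv4 and lies inside a listed rogue range."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ipaddress.AddressValueError:
        return False
    return any(addr in net for net in ROGUE_NETS)

def dns_servers(ipconfig_text):
    """IPv4 DNS servers from `ipconfig /all` output (assumes English labels).
    Extra servers sit on unlabelled continuation lines under "DNS Servers"."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            in_dns = True
        elif not (in_dns and line.strip() and not LABEL.search(line)):
            in_dns = False  # blank line or next labelled setting ends the list
        if in_dns:
            servers += IPV4.findall(line)
    return servers

def rogue_dns_servers(ipconfig_text):
    """DNS servers in the output that fall inside a rogue range."""
    return [s for s in dns_servers(ipconfig_text) if is_rogue(s)]

# Constructed sample output; the addresses are made up for illustration.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 85.255.120.10
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    print("Rogue DNS servers found:", rogue_dns_servers(SAMPLE) or "none")
```

On a Windows machine, save the output of `ipconfig /all` to a text file and pass its contents to `rogue_dns_servers`; an empty list means none of the configured IPv4 DNS servers is in the listed ranges.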
If the DNSChanger is detected, users may then use any of the following software to clean the infection:
■Hitman Pro (32bit and 64bit versions)
■Kaspersky Labs TDSSKiller
■McAfee Stinger
■Microsoft Windows Defender Offline
■Microsoft Safety Scanner
■Norton Power Eraser
■Trend Micro Housecall
■MacScan
■Avira’s DNS Repair-Tool
Alternatively, subscribers may also visit the following sites to have their system checked automatically:
■http://www.dns-ok.us/
■http://dnschanger.detect.my
For more information on DNSChanger, visit the official DCWG website at www.dcwg.org
Fixing DNS Server Settings (Manual)
As network configurations depend on local policies and infrastructure, it’s impossible for us to guess or recommend settings specific to your policies. However, for those impacted by such an attack, McAfee recommends notifying your network administrator (or network provider), who may assist you in resolving your issue and that of others in your network who may have been impacted.
Most organizations have a managed network capable of providing DNS settings via DHCP. If you are connected to a corporate network or an ISP that may allow automatic DNS settings, please use the following steps to reset your configuration.
1. Backup your network settings.
Use the registry editor to take a backup of the registry information under:
• HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\TCPIP
2. Run ncpa.cpl from the Run dialog, opened by pressing (Start + R). It will open the Network Connections window.
3. Hit “OK”. This will bring up “Network connections”. Right-click your active network connection. That may be Local Area Connection or Wireless Network Connection, depending on whether you’re using a cabled or wireless network. Select Properties.
4. Select “Obtain DNS Server Address Automatically”