July 9 virus information - what it is & what to do

Back in November, law enforcement authorities working with the Federal Bureau of Investigation arrested six of the seven individuals in Estonia responsible for infecting millions of Windows and Mac machines worldwide with the DNSChanger Trojan

Ok, so you think you have malware that intercepts the process that translates

to an IP address and sends you somewhere else that's bad. So, you click on a link to an executable that uses this compromised translation process to get the file.

Am I the only one who sees the irony in this?

This may be an actual problem. Some percentage of the links that get clicked may fix it. If I were a virus writer, I'd jump on this and laugh my ass off.

What if you just wait for your internet to go away and then stick in the DNS number off the paper that came with your isp contract?

And why didn't the FBI just have the offending DNS IP addresses aliased to REAL DNS IP addresses. Problem Solved.

This may not be a duck, but it sure quacks like one. And I'd bet that there are a lot of little ducklings lurking about.

That isn't a virus, which by definition can spread on its own. It is a Trojan Horse, which in the OSX Universe requires the computer's owner to actively okay the addition of the TH.

>

Lol... didn't think of that. Here ya go: http://62.146.210.54/files/support/FAQ_KB_Download_Files/EN/AviraDNSRepairEN.exe

They did. They turned all the rogue DNS servers into correct routing ones. Now they want to get out of the DNS business and go back to whatever they do.

If you say so.

SOP is -

Avira DNS Repair-Tool Free Avira-Tool which repairs your Windows-System from possible damages that the =93DNS-Changer=93 malware may have caused.

exactly, but krow is so hard to educate

yes, Trojan, not virus. I don't know if krow knows the difference

all viruses are malware, but not all malware is a virus. for this one, all a mac user had to do was deactivate javascript which is basically not needed on a day to day basis anyway

Actually all they had to do was to not press OK when the OS asked if it was okay to install it.

Not a problem. The world will be ending on December 21, 2012 anyhow. It will end regardless if you have internet access or not. The only bad thing is that you wont be able to click the "Like" button on Facebook as the world explodes. (Or did Facebook make a "Dislike" button for the end of the world?)

>>

http://62.146.210.54/files/support/FAQ_KB_Download_Files/EN/AviraDNSRepairEN.exe That still doesn't help. I don't know where that address takes me. Yes, I could look it up... You're asking me to trust you. I don't know who you are or whether you are who you say you are. That's the crux of social engineering. The bad guy isn't gonna say, "I'm here to screw you if you push this button." Successful scams never sound like scams.

What's worse is that google gives you a zillion hits from a zillion places about this issue and what to click to fix it. Don't know if most people watch the bottom line of their browser, but many links take you to a place that's different from what the link text says. And how many of us pay close enough attention that they'd notice a link to Avria.com??

This scare is a perfect opportunity to spread more malware.

What I actually did was boot a system built since the problem was fixed, went to avira, navigated to the tool, downloaded and ran it. Still haven't tried it on the main machine.

But, I have a question about how the malware works. ipconfig /all tells me where my dns servers are. If I were infected, would that show up in ipconfig? And if it did, and I put them back to the correct values, would the malware still be running and corrupt them again? And, if so, why didn't my Avira AV suite cure the malware already and warn me to check my DNS addresses?

I'm not buying it. All those bad ip addresses are currently assigned to some real DNS server. The FBI doesn't have to have any influence or responsibility for the server. Why can't they, or why didn't they, map all those bad addresses to one of the public DNS servers out there and be done with it??? I shouldn't have to know or care.

This all sounds too perfect. Bad Estonians, good FBI, OMG internet is goin' away, I'm here to help.... Sounds more like a Saturday morning cartoon.

I expect more people will be hurt by this scare than will be saved from it. Reminds me, I'm goin over to my neighbor's house to see if his Y2K generator will still start.

Ask in alt.privacy.spyware,alt.comp.anti-virus cross posted.

There is discussion about it now in those groups.

absolutely

snipped-for-privacy@snyder.on.ca wrote in news: snipped-for-privacy@4ax.com:

Jabut.. cliking on funny links from shady alarmists is likely to install the virus for you..... I will wait for Avast to stomp on bad things.