You may remember “Operation Ghost Click” in November of last year, when the FBI tracked down hackers who were attempting to control over 570,000 computers worldwide through malware that changes a computer’s DNS settings.
Unfortunately, shutting down the hackers’ malicious servers also meant shutting down internet access for the thousands of users infected with the DNS change, the majority of whom were not aware the change had occurred. To buy time and protect the affected public from the numerous scams they were now susceptible to, the FBI launched a safety net, bringing in a private company to run two clean servers that redirect thousands of computers away from the hackers’ servers and maintain internet access.
The temporary solution shuts down on Monday, July 9, and will leave thousands without internet if they do not diagnose and fix the malware before the deadline.
Despite all the warnings from the FBI, and notices from Facebook and Google when they suspect your computer has a DNS change, the AP reports that 227,000 computers are still infected worldwide, 64,000 of them in the US, including 50 Fortune 500 companies. Internet providers like Comcast are also doing their part in educating and warning their customers through letters and messages; however, thousands are still in the dark and will be on Monday as well.
If you haven’t already, visit the site below that the FBI set up to check if your devices are infected:
If the screen shows up green, you are good to go. If the screen is red, your computer or other device is infected. Remember, even if you check your computer manually (see below) and the DNS comes up clean, another device could be the problem if you are using a wireless router. The router itself could even be infected, spreading the malware to any device, laptop, or game platform that connects to it.
If you are infected: The most comprehensive resource I found is afterdawn.com. James Delahunty gives straightforward, step-by-step instructions on how to switch your malicious DNS back to normal settings on a PC or Mac, or fix your malware infection on a wireless router.
Users who want to check their configuration manually need to look out for the following IP address ranges:
• 85.255.112.0 to 85.255.127.255
• 67.210.0.0 to 67.210.15.255
• 93.188.160.0 to 93.188.167.255
• 77.67.83.0 to 77.67.83.255
• 213.109.64.0 to 213.109.79.255
• 64.28.176.0 to 64.28.191.255
Check DNS on Windows XP
• Click Start Menu.
• Click Run.
• Type “CMD” (without quotes).
• Type “ipconfig /all” (without quotes) and press Enter.
• Look through the results for Local Area Connection settings. Find “DNS Servers”.
• If the DNS server ranges match any of the malicious ranges shown above, then you are affected.
Check DNS on Windows Vista / 7
• Click the Orb/Start Menu.
• Type “CMD” into the search box (without quotes).
• Run CMD.exe from the results.
• Type “ipconfig /all” (without quotes) and press Enter.
• Look through the results for Local Area Connection settings. Find “DNS Servers”.
• If the DNS server ranges match any of the malicious ranges shown above, then you are affected.
Check DNS on Mac OS X
• Click the Apple icon on the Desktop (top left).
• Click System Preferences.
• Open the Network preferences.
• The DNS Server information will now be shown. If either IP falls within the malicious ranges shown above, then the system is affected.
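The manual comparison above can be automated. The following Python is an added example, not part of the original post: it parses `ipconfig /all` output and flags any DNS server inside the ranges listed above. The function names and the sample output are constructed for illustration; on a Mac, pass each address shown in the Network preferences to `is_rogue` directly.

```python
import ipaddress

# Address ranges listed on this page, as (first, last) pairs.
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]
# The same ranges collapsed to CIDR blocks, e.g. 85.255.112.0/20.
ROGUE_NETS = [net for first, last in ROGUE_RANGES
              for net in ipaddress.summarize_address_range(
                  ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]

def dns_servers(ipconfig_text):
    """List 'DNS Servers' values; extra servers sit on unlabeled indented lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line and ":" in line:
            in_dns, value = True, line.split(":", 1)[1].strip()
        elif in_dns and len(line.split()) == 1:
            value = line.strip()  # continuation line: a bare address
        else:
            in_dns, value = False, ""
        if value:
            servers.append(value)
    return servers

def is_rogue(value):
    """True if value is an IPv4 address inside one of the listed ranges."""
    try:
        addr = ipaddress.IPv4Address(value.strip())
    except ValueError:
        return False  # IPv6 or non-address text; the listed ranges are IPv4 only
    return any(addr in net for net in ROGUE_NETS)

def rogue_dns(ipconfig_text):
    """Configured DNS servers that fall inside the listed ranges."""
    return [s for s in dns_servers(ipconfig_text) if is_rogue(s)]

# Constructed sample excerpt of `ipconfig /all` (not captured from a real machine).
SAMPLE = """\
Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 85.255.116.42
                                       192.168.1.1
   Lease Obtained. . . . . . . . . . : Friday, July 06, 2012
"""
```

To check a real machine, save the output with `ipconfig /all > dns.txt` and pass the file's contents to `rogue_dns`; an empty list means none of the configured servers are in the listed ranges.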
I urge you to share this with any friends and family who may be unaware of this issue. Let’s not participate in this Malware Monday.