  #1  
04-21-2012, 12:53 PM
EvilZoe
Important Notice For Windows Users

FBI: Hundreds Of Thousands May Lose Internet In July

Quote:
WASHINGTON (AP) — For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org , that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

"We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent. "The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken."

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs.

This is what happened:

Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system.

The DNS system is a network of servers that translates a web address — such as www.ap.org — into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie's clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won't be the last.

"This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division. "Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations."

Now, he said, every time the agency gets near the end of a cyber case, "we get to the point where we say, how are we going to do this, how are we going to clean the system" without creating a bigger mess than before.
  #2  
04-21-2012, 01:50 PM
mumbles
Re: Important Notice For Windows Users

I checked the sources and it all seems to be valid. I also used the page to check manually to see if my computer is infected - not.

I use the immunize function of Spybot Search and Destroy. The registry cannot be changed without my permission.

http://www.safer-networking.org/en/download/

I am also using a router - I think the router is where the DNS address is stored and don't think this hack can change it.



Reply With Quote
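Added example, not part of any post in this thread: the quoted article says infected machines were reprogrammed to use rogue DNS servers, so a manual check comes down to reading the configured resolvers and comparing them against published rogue ranges. The sketch below does that for `ipconfig /all` text; the ranges are placeholders from documentation address space, the sample output is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# PLACEHOLDER ranges from RFC 5737 documentation space, not real indicators.
# Substitute the rogue-resolver ranges published by a source you trust.
SUSPECT_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       198.51.100.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       fe80::1%12
"""

def _ip(token):
    """Parse an address, dropping any IPv6 zone id; None if not an address."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def dns_servers(text):
    """Return {adapter: [addresses]}, following continuation lines under 'DNS Servers'."""
    found, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):  # unindented adapter header
            adapter, in_dns = line.rstrip().rstrip(":"), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        token = m.group(1) if m else line.strip()
        in_dns = bool(m) or (in_dns and _ip(token) is not None)
        if in_dns and _ip(token) is not None:
            found.setdefault(adapter, []).append(_ip(token))
    return found

def flag_suspect(found, nets=SUSPECT_NETS):
    """Return sorted (adapter, address) pairs whose resolver is inside a suspect range."""
    return sorted((a, str(ip)) for a, ips in found.items() for ip in ips
                  if any(ip.version == n.version and ip in n for n in nets))

if __name__ == "__main__":
    print(flag_suspect(dns_servers(SAMPLE)))
```

A host that gets its settings from a home router usually lists only the router's own address as its DNS server, so the router's upstream DNS setting needs the same comparison.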

  #3  
11-25-2012, 02:56 AM
TechnoSherpa
Re: Important Notice For Windows Users

Quote: Originally Posted by EvilZoe
There are at least 2 aspects of this that are highly suspect:
  1. $87,000 to install and run 2 DNS servers is insane, they could've contracted for that for well under $500. They shouldn't have even needed any servers, the ISP or data center that hosted the rogue servers could've simply assigned those IP addresses to their current DNS servers -- end of problem. If that's what was actually spent, the CEO of the ISC took the fed for a ride!
  2. Why didn't they simply use DNS to redirect all web site names to a web site with instructions to fix the infected PCs? Every commercial WiFi AP does it, it's hardly rocket science. It said in the article that web site redirection was the end game of the rogue DNS servers, they had the infrastructure handed to them, why not use it to inform owners of all infected PCs immediately?

Facilitating a scenario whereby hundreds of thousands of infected PCs are allowed to run as if nothing is wrong for 6 months constitutes a huge disservice! Earlier in the article it said AV protection was likely disabled on those boxes, what in hell were they thinking? I wonder how much other damage was done to and/or by those compromised PCs over those 6 months?

The only thing I can think of to be gained by installing special DNS servers would be a golden opportunity for surveillance, it would set them up to play man-in-the-middle for virtually every Internet connection made by infected systems over that time. No messy warrants, no need for ISP personnel to be any the wiser, half a million PCs under their microscope.

And coincidentally $87K sounds about right to set up a transparent frame capturing proxy, and maybe even some stateful analysis engine. Now we're talking about a project worth bringing ISC in to consult, as opposed to what was described -- something they surely had in-house people capable of handling.

Wonder when FOIA will kick in for this?

  #4  
12-10-2013, 05:06 AM
Administrator
Re: Important Notice For Windows Users

I'm on a Mac now and my computer is like 100% Yahoo now. If I try using Google it brings me to a blank page. Bought Nortons and nothing's fixing it. So annoying.

All times are GMT -5.