
NEW YORK (CNNMoney) -- Hundreds of thousands of Internet users whose computers are infected with a particularly nasty virus will be unable to access the Web starting on Monday.

The Federal Bureau of Investigation will shut down Internet servers that it temporarily set up to support those affected by malicious software, called DNSChanger. Turning off those servers will knock all those still infected offline.

Over the past five years, a group of six Estonian cybercriminals infected about 4 million computers around the world with DNSChanger. The malware redirected infected users' Web searches to spoofed sites with malicious advertisements.

In November 2011, the FBI and some overseas partners arrested those responsible, commandeered their servers, and attempted to warn those affected to get rid of the virus.

The FBI did not immediately take down the rogue servers, as infected computers would have lost Internet access, an FBI spokesman said.

To remedy the problem, the FBI had the nonprofit Internet Systems Consortium set up temporary servers. That way, computer owners would have time to get rid of their malware.

The servers were supposed to be shut down in March, but hundreds of thousands remained infected. Nearly 304,000 computers worldwide (about 70,000 in the United States) still had the virus in mid-June, according to the FBI's latest report. That's a large number, but it's a very small subset of the 1.6 billion PCs worldwide, of which an estimated 339 million are in the United States.

Still, the FBI decided to give people even more time to check for the malware, extending the deadline until July. The agency now says the time has come to cut the cord, and the emergency servers will be shut down on Monday, July 9th.


They should have shut them down day one..

Here's the thing if they are really that worried, why don't they just have their temp servers they put up just direct people to a site that says HEY You're infected dumbass!!

I am sure they learned a lot about the infected when they brought up the temp servers, but all this hype seems a bit much. If users are hitting you for dns, you can direct them anywhere you want - no matter what they query. They should have done it months and months ago..

This is a bunch of hype about a bunch of idiots in the first place, prob a good thing if these people were off the net for good anyway ;)

They should of shut them down day one..

Heres the thing if they are really that worried, why don't they they just have their temp severs they put up just direct people to a site that says HEY Your infected dumbass!!

I am sure they learned alot about the infected when they brought up the temp servers, but all this hype seems a bit much. If users are hitting your for dns, you can direct them anywhere you want - no matter what they query. They should of done that months and months ago..

This is a bunch of hype about a bunch of idiots in the first place, prob a good thing if these people were off the net for good anyway ;)

sorry but this really bothered me:

should have

a lot

They should of shut them down day one..

Heres the thing if they are really that worried, why don't they they just have their temp severs they put up just direct people to a site that says HEY Your infected dumbass!!

I am sure they learned alot about the infected when they brought up the temp servers, but all this hype seems a bit much. If users are hitting your for dns, you can direct them anywhere you want - no matter what they query. They should of done that months and months ago..

This is a bunch of hype about a bunch of idiots in the first place, prob a good thing if these people were off the net for good anyway ;)

Now BudMan, you know if that happened the internet would shrink from its current user base to around 200-300k people. Then we would not have such things as zombo.com etc. :p

... but DNSSEC Test is giving me a red X. :(

You've been a naughty boy.

For additional information regarding the DNS changer malware, please visit the FBI's website at:

http://www.fbi.gov/n.../malware_110911

ME:

DNS Changer Check-Up

DNS Resolution = GREEN

Your computer appears to be looking up IP addresses correctly!

"but DNSSEC Test is giving me a red X"

That doesn't mean you're infected - my bad for not making that clear.

DNSSEC is a way to validate that you're actually talking to the owning server and that the records you're getting are valid. Which would have told you right away that something was up if you had gotten pointed to some other dns that was returning bad info if the domain you were trying to go to was dnssec enabled. For example neowin does not have it enabled - a simple dig to a domain can grab their key.

dig +dnssec domain dnskey

So wouldn't have done much good if they were misdirected etc.. But other domains like isc.org are

; <<>> DiG 9.9.1-P1 <<>> +dnssec isc.org dnskey
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48102
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4000
;; QUESTION SECTION:
;isc.org.					   IN	  DNSKEY

;; ANSWER SECTION:
isc.org.				770	 IN	  DNSKEY  256 3 5 BQEAAAAB2F1v2HWzCCE9vNsKfk0K8vd4EBwizNT9KO6WYXj0oxEL4eOJ aXbax/BzPFx+3qO8B
8pu8E/JjkWH0oaYz4guUyTVmT5Eelg44Vb1kssy q8W27oQ+9qNiP8Jv6zdOj0uCB/N0fxfVL3371xbednFqoECfSFDZa6Hw jU1qzveSsW0=
isc.org.				770	 IN	  DNSKEY  257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8Z
GfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T51
5sNIMcwsB8/2+2E63/zZrQz Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/
rzeC/bB yBNsO70aEFTd
isc.org.				770	 IN	  RRSIG   DNSKEY 5 2 7200 20120801230125 20120702230125 4442 isc.org. smgvLPkUP2wVdsHUirDUOu
NqCPEAVzxRpNT6p6T14LhJokYlTl2zBbaa 4igyDfcNAhpUn747cm95PFt4wrkGXi/ZJ9D1XeQXQ4S56eEhnj3LUt4l MC6aU5GrDhUa5kH7ef2HYSmGM+0oajQZtop7xP
jHJ4Mkzsb7FhVcknUa JZk=
isc.org.				770	 IN	  RRSIG   DNSKEY 5 2 7200 20120801230125 20120702230125 12892 isc.org. nobtYkqQ/Hw9VqY6Spoog
TpyBfd715onQw4TzYz3vv9m8UDLUSjxULTx rUHPVtz0Ikgaw+RgzrBxftLsowxvM0ilDyGrFkg3OyW8zquG5jFnNJla iuuU9ysJnrPJ05xmmvWh/k9MwBzBNwq/Xu3wS
PLG+uTSAp26bztxeMV9 r3i/W6qBPoxiAo5D51k6W4OPfcrZqjRfi51RDqncwHXSl4OOeKC5JF8m 7f5rxkrZNB+1VCaBxCqBcPOJ/ZJNQWwAw7uWZCOwZ9uODsCQ6avoo
G1Q iOrEsxhcb1x4t9NXSUDhNUzuDGsI90pPvnnGi9Sgq7IeoEoZ0yNr2Vvw nvi8Mw==

;; Query time: 21 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Sun Jul 08 09:17:13 2012
;; MSG SIZE  rcvd: 925

More domains need to really start using this, but like ipv6 you have a carriage before the horse sort of deal. If the clients are not checking, no point in having it enabled, if domains are not using it - no real reason to be checking it ;) I would hit your ISP up on it if that is the dns you use.

http://en.wikipedia....rity_Extensions

DNSSEC was designed to protect Internet resolvers (clients) from forged DNS data, such as that created by DNS cache poisoning. All answers in DNSSEC are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information on the authoritative DNS server

There should be no reason why you're not able to do dnssec now, unless ISP is behind the times. You can contact your ISP about it, you can use a different dns (googledns, opendns, etc) or just run your own dns so that you can use dnssec.


The test result is a green tick; what does that mean?

The green tick is good. It means that the DNS server your computer uses actively supports the DNSSEC Protocol. So you are better protected against abuse of the DNS Protocol.

I see a red cross; what's that all about?

A red cross means that you aren't benefiting from the added security offered by DNSSEC. Compared with someone whose set-up is DNSSEC-enabled, you are more vulnerable to abuse of the DNS.

What can I do if I want to benefit from the added security that DNSSEC offers?

That depends on the way you use the DNS. Many internet users rely on the DNS service provided by their Internet Service Providers (ISPs). If that's the case with you, you need your ISP to activate DNSSEC. You may wish to contact your ISP about it. However, it could be that the reason you aren't benefiting from DNSSEC is that there is a modem or router between your computer and the DNS server(s) you use, which does not understand DNSSEC. In that case, you may have to upgrade the firmware on your modem or router. More advanced users may decide to configure DNS servers that support DNSSEC, or even run their own DNS server that supports DNSSEC (a so-called validating resolver). If you did the test in a business environment, you may wish to contact your IT department. However, be ready for the possibility that your IT colleagues aren't immediately able to help you - not very many people are familiar with DNSSEC yet.

There should be no reason why you're not able to do dnssec now, unless ISP is behind the times. You can contact your ISP about it, you can use a different dns (googledns, opendns, etc) or just run your own dns so that you can use dnssec.

Nice writeup -- just a minor clarification, OpenDNS went with DNSCurve instead of DNSSEC. No idea on the technicalities of one being better than the other.. was curious as I use OpenDNS myself.

http://blog.opendns....endns-dnscurve/

dnscurve is a hop to hop and yes can be used for validation of the hops, and also actual encryption of the transaction. dnssec is full path, end-to-end and verifies that data you got is same as what is on the authoritative server for that domain.

They are similar in that they are working on securing dns, but not equal - not sure what opendns was thinking other than getting their users to run some client that only goes to them for dns ;) I really don't see a need for encryption of the actual transaction. But I can see verification of said data a big concern.

You could use dnscurve hand in hand with dnssec. For example you can use dnscurve to your resolver (isp for example) and then use dnssec to validate your data is legit. So at some point your ISP dns is talking to root servers, I highly doubt dnscurve is going to get deployed to the roots. But dnssec already is - back in May of 2010

http://www.root-dnssec.org/

Just do a dig +dnssec for any of the root zones org, com, net, etc.

As to opendns not using dnssec - on their blog entry about turning on dnscurve.

Editor's note: Our support for DNSCurve doesn't prevent our adoption of DNSSEC - they are not mutually exclusive. While we have reservations about DNSSEC, we can and will implement it when we see more demand and traction, but in the meantime, when we see a viable technology that can be quickly implemented to improve security for DNS users, that's a no-brainer in our book.

As I said before it's a horse/carriage, chicken/egg thing - why implement when no users, why should user use it if no one has it implemented ;)

So while dnscurve secures your info to opendns, does not really validate the data you're getting from opendns - only that you're getting it from opendns ;)

The news of this dns changer thing that went on way too long, hitting the mainstream can and should be used for users pushing their ISPs to make dns more secure. More and more queries for dnssec, and then more and more domains will start using it.

I think neowin should set the shining example and sign their domain - they run their own dns. It's not that difficult to do!

This could get them started

https://www.dnssec-tools.org/wiki/index.php/Sign_Your_Zone
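
The check discussed in the posts above (run dig +dnssec, then read what came back) can be scripted. The following is an added example, not part of the original thread: it reads saved dig output and reports whether the answer carried DNSKEY/RRSIG records and whether the resolver set the "ad" flag visible in the isc.org output. The function names, verdict labels and sample records (example.org, example.net, placeholder key data) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `dig +dnssec <zone> dnskey` output read from stdin.
# Verdict labels are this example's own, not dig terminology:
#   validated - RRSIGs in the answer and the resolver set the "ad" flag
#   signed    - RRSIGs in the answer, but no "ad": resolver did not validate
#   unsigned  - NOERROR but no DNSKEY/RRSIG records came back
#   error     - status other than NOERROR (a validating resolver answers
#               SERVFAIL when signatures fail to verify)
classify_dig() {
    awk '
        /^;; ->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*/, "", flags)            # keep only the flag list
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        /^;/ || NF < 5 { next }              # skip comments and short lines
        $3 == "IN" && $4 == "DNSKEY" && $5 == 257 { ksk++ }  # key-signing key
        $3 == "IN" && $4 == "DNSKEY" && $5 == 256 { zsk++ }  # zone-signing key
        $3 == "IN" && $4 == "RRSIG" { rrsig++ }
        END {
            if (status != "NOERROR") verdict = "error"
            else if (rrsig == 0)     verdict = "unsigned"
            else if (ad)             verdict = "validated"
            else                     verdict = "signed"
            printf "%s ksk=%d zsk=%d rrsig=%d\n", verdict, ksk, zsk, rrsig
        }
    '
}

# Constructed samples; key and signature fields are placeholders, not real data.
sample_validating() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
example.org.  770 IN DNSKEY 256 3 5 PLACEHOLDERZSK=
example.org.  770 IN DNSKEY 257 3 5 PLACEHOLDERKSK=
example.org.  770 IN RRSIG DNSKEY 5 2 7200 20120801230125 20120702230125 12345 example.org. PLACEHOLDERSIG=
EOF
}
# Same answer as seen through a resolver that does not validate (no "ad").
sample_nonvalidating() { sample_validating | sed 's/ ra ad;/ ra;/'; }
sample_unsigned() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
example.net.  900 IN SOA ns1.example.net. hostmaster.example.net. 1 7200 900 1209600 86400
EOF
}

for s in sample_validating sample_nonvalidating sample_unsigned; do
    printf '%s: %s\n' "$s" "$($s | classify_dig)"
done
```

Live output can be piped in the same way, for example `dig +dnssec isc.org dnskey | classify_dig`. The "ad" flag is set by the resolver, so it is only as trustworthy as the path between the client and that resolver.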
