Dispatch from the Head Sherpa

Important Bulletin – DNS Infection Could Break Your Internet

Last November, an Estonian hacker ring that infected millions of computers through malware-laden servers was successfully disbanded by the FBI in Operation Ghost Click. Read the CNN article here if you’re unfamiliar with this story. Since 2007, the hackers had been redirecting and infecting computers all around the globe.

How did they do it? They used a type of malware exploit that allowed them to redirect internet links to fraudulent sites. When computers are on the internet, they use the DNS (Domain Name System) to convert friendly names, like www.mysherpa.com, to a numerical address. This numerical address allows computers to talk to each other across the web. The hackers exploited this conversion and forced many unsuspecting computers to redirect to their infected sites. It worked because the operation appeared to be a legitimate business, when in fact it was using victims’ computers to complete fraudulent transactions on infected servers.

Since the sting, the FBI has taken measures to minimize the effects of the malware on users who were unaware of the infection. However, the court order that keeps the “cleaned” servers (put in place after the hackers were arrested) running will expire on July 9th, 2012. What does that mean for you? It means that if you are still infected, your computer will still direct to the “bad” server address, and since the server will no longer be live, any machine that is infected could be blocked from all internet access. Luckily, there’s a simple way to know for sure before the deadline.

To help users who may still be infected, U.S. authorities have created a link that determines whether you are infected. This free DNS checker service will determine in seconds if your computer is carrying this infection. We highly recommend that you take five minutes and visit the following link - https://www.dcwg.org/. This link will NOT scan your computer and will NOT install any kind of tracker or software – it simply checks the DNS record your computer uses and tells you if you are infected (red) or not (green). It also WILL NOT remove the infection, should you have it. You will need to run normal antivirus/antimalware scans and removers if you believe you have an infection. The DCWG website has many helpful guides if you believe you have been infected or are a victim of the scam.
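For readers who want to look at the DNS setting themselves, here is an added example (not code from DCWG, the FBI or MySherpa) that reads a Unix-style resolver file and marks each configured DNS server red or green. The sample file is constructed, and the address ranges are documentation placeholders, not the real rogue ranges; substitute the list published by DCWG.

```python
import ipaddress
import re

# ASSUMPTION: placeholder ranges taken from the RFC 5737 documentation blocks.
# They are NOT real indicators; replace them with the rogue DNS ranges
# published by DCWG / the FBI before relying on the result.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample in resolv.conf format (not taken from a real machine).
SAMPLE_RESOLV_CONF = """\
# constructed sample
domain example.lan
nameserver 192.0.2.53   # falls inside a placeholder "rogue" range
nameserver 8.8.8.8
nameserver not-an-ip
"""

def configured_resolvers(text):
    """Return the IP addresses on 'nameserver' lines, skipping comments and junk."""
    found = []
    for line in text.splitlines():
        # Drop anything after a comment marker, then split into fields.
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                found.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # malformed entry: skip it rather than crash
    return found

def check_resolvers(text, rogue=ROGUE_RANGES):
    """Map each resolver to 'red' (inside a rogue range) or 'green' (outside)."""
    result = {}
    for ip in configured_resolvers(text):
        # Compare only against ranges of the same IP version (IPv4 vs IPv6).
        hit = any(ip.version == net.version and ip in net for net in rogue)
        result[str(ip)] = "red" if hit else "green"
    return result

if __name__ == "__main__":
    for ip, colour in check_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{ip}: {colour}")
```

On a Linux or Mac machine the text to pass in would come from /etc/resolv.conf; a red result means the same as on the DCWG page, and the malware still has to be removed separately.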

Why are we advocating that you check your computer right away? Because the FBI is only running this service through July 9th, 2012. After that date, any computer that is still infected won’t have the stopgap measure to help it access the internet – and connectivity may be lost. It’s really worth it to take the time to check the DNS record – your computer will NOT be scanned for any additional information and you can rest assured that you’re not spreading or harboring malware.

If you have any questions or concerns about this scanner or what may be lurking on your computer or network – MySherpa® is here to help you – please visit our Contact Us page and drop us a line.



More resource links about the malware and infection:

Time Techland article

Federal Bureau of Investigation new report

DCWG Official Site
