Saturday, July 7, 2012
How to detect and fix a machine infected with DNSChanger
The FBI will be closing the DNSChanger network on Monday, after which thousands worldwide are expected to no longer be able to access the Internet.
On July 9, the FBI will close down a network of DNS servers that many people have been depending on for proper Internet access. These servers were originally a part of a scam where a crime ring of Estonian nationals developed and distributed a malware package called DNSChanger, but which the FBI seized and converted to a legitimate DNS service.
This malware scam has been widespread enough that even third-party companies like Google and Facebook and a number of ISPs like Comcast, COX, Verizon, and AT&T have joined in the effort to help remove it by issuing automatic notifications to users that their systems are configured with the rogue DNS network.
If you see this or similar warnings when using Google or other services, then be sure to check your system for malware.
(Credit: CNET)
If you have recently received a warning when performing a Google search, browsing Facebook, or otherwise using the Web that claims your system may be compromised, then you might consider taking a few steps to check your system for the presence of the malware. This can be done in a couple of ways. First you can check the DNS settings in your system to see if the servers your computer is using are part of the rogue DNS network.
On Mac systems open the Network system preferences and for each network service (Wi-Fi, Ethernet, Bluetooth, etc.), select the service and then click the "Advanced" button. Follow this by selecting the "DNS" tab and making note of the DNS servers listed. You can also do this in the Terminal by first running the following command:
Check this location for all network connections to see the DNS configuration in OS X (click for larger view).
(Credit: Screenshot by Topher Kessler/CNET)
networksetup -listallnetworkservices
After this command is run, next run the following command on each of the listed names (be sure to remove any asterisks from in front of the names, and ensure the names are in quotes if there are any spaces in them):
networksetup -getdnsservers "SERVICE NAME"
Repeat this command for all listed services (Especially Ethernet and Wi-Fi connections) to list all configured DNS servers.
On a Windows machine (including any of those you may have installed in a virtual machine), you can open the command-line tool (select "Run" from the Start menu and enter "cmd," or inWindows 7 select "All Applications" and then choose the command line from the Accessories folder). In the command line, run the following command to list all network interface information, including configured DNS server IP addresses:
Windows DNS server settings for all interfaces can be seen in its command line (click for larger view).
(Credit: Screenshot by Topher Kessler/CNET)
ipconfig /all
Once you have your system's DNS servers listed, enter them into the FBI's DNS checker Web pageto see if they are identified as part of the rogue DNS network. In addition to manually looking up and checking your DNS settings, a number of Web services have popped up that will test your system for the DNSChanger malware. TheDNSChanger Working Group has compiled a listof many of these services, which you can use to test your system (for those in the U.S., you can go to dns-ok.us to test your connection).
If these tests come up clean, then you have nothing to worry about; however, if they give you any warnings, then you can use an anti-malware scanner to check for and remove the DNSChanger malware. Given that the malware was abruptly halted in November 2011, there's been ample time for security companies to update their anti-malware definitions to include all variants of DNSChanger. If you have a malware scanner and have not used it recently, then be sure to launch and update it fully, followed by performing a full scan of your system. Do this for every PC and Mac on your network, and in addition be sure to check your router's settings to see if the DNS settings there are proper ones from your ISP or are rogue DNS settings.
If your router or computer is not showing any valid DNS server addresses after you have removed the malware, and your system is unable to connect to Internet services, then you might try configuring your system to use a public DNS service, such as those from OpenDNS and Google, by entering the following IP addresses into your system's network settings:
8.8.8.8
8.8.4.4
208.67.222.222
208.67.220.220
8.8.4.4
208.67.222.222
208.67.220.220
If after Monday you find you can no longer access the Internet, then it's likely your system or network router is still configured with the rogue DNS servers and you will need to again attempt to detect and remove the malware from your systems. Luckily the malware is not viral in nature so it will not self-propagate and automatically re-infect systems. Therefore, once removed and once users have set up valid DNS servers on their systems, then the affected computers should have proper access to the Internet.
Background
DNS is the "Domain Name System," which acts like the Internet's phone book and translates human-friendly URLs such as "www.cnet.com" into their respective IP addresses that computers and routers use to establish connections. Since DNS is the interface between the typed URL and the targeted server, the crime ring created its own DNS network that would in large part work normally, but would also allow the ring to arbitrarily redirect the traffic for specific URLs to fake Web sites for the purposes of stealing personal information or getting people to click on ads.
DNS is the "Domain Name System," which acts like the Internet's phone book and translates human-friendly URLs such as "www.cnet.com" into their respective IP addresses that computers and routers use to establish connections. Since DNS is the interface between the typed URL and the targeted server, the crime ring created its own DNS network that would in large part work normally, but would also allow the ring to arbitrarily redirect the traffic for specific URLs to fake Web sites for the purposes of stealing personal information or getting people to click on ads.
Setting up the rogue DNS network itself isn't enough, since this network needs to be specified in a computer's settings in order to be used. To make this happen, the crime ring created the DNSChanger malware (also referred to as RSplug, Puper, and Jahlav), which was distributed as a trojan horse and successfully infected millions of PC systems worldwide. Once installed, this malware would continuously change the DNS settings for the affected computer and even for network routers, to point to the crime ring's rogue DNS network. As a result, even if people manually changed their computers' DNS settings, these changes would automatically be reverted by the malware on their systems.
Since it's takedown, the number of infected systems has declined, though thousands worldwide are still infected.
(Credit: DCWG)
Since millions of PC users had been infected by this malware, once the crime ring was taken down in a November 2011 multilateral sting called Operation Ghost Click, the FBI and other government authorities decided against turning off the rogue DNS network as this would have instantly prevented the infected systems from resolving URLs, and thereby would have effectively shut down the Internet for them. Instead, the DNS network was kept active and converted to a legitimate service while efforts were put in place to notify users of the DNSChanger malware and wait for the number of worldwide infections to fall.
Initially the rogue DNS network was slated for closure in March of this year; however, while the rate of infections fell significantly once the crime ring was broken up, the number of infected computers has remained relatively high, so the FBI extended the deadline to July 9 (this upcoming Monday). Unfortunately, even as this deadline approaches, thousands of PC system worldwide are still infected with the DNSChanger malware, and when the servers are shut down these systems will no longer be able to resolve URLs to IP addresses
will Eega enter 100 crore club???
New Delhi: Kicha Sudeep, who has made his name in the Kannada industry, has become a brand across South India with 'Eega' releasing in 1200 theatres across South India.
Bollywood film maker and director Ram Gopal Varma has already given his verdict. Recently tweeting about the film, RGV said, "I think Eega will be the first film to start the Rs 100 crore club in Telugu industry. In other words, I mean, it will collect Rs 100 crore in Telugu alone."
The Kannada film star is making a big impact through the trailers. 'Eega' will show its colours this week with English subtitles in 100 theatres in Karnataka alone.
So, how is Sudeep planning to present it to the Kannada audience? "I have never really thought about it. I only know my movie will come here also and the same fans are going to watch it. The only difference is I don’t have to identify myself here in Karnataka. For me, this is one wonderful script, which came my way and I have done it," he says.
It doesn’t matter much to Sudeep in how many languages the moive is released as he knows he has given his best as an actor.
Right now he is focusing on his future assignments. “I am thinking about what I can do and how far I can travel. Every actor has got his own boundary. Beyond which, there comes a time when everything becomes boring.
Before that, do your bit and make a good place in the hearts of people before you should vacate the industry,” says Sudeep. When it comes to art of film making, Sudeep likes to go with the flow and having had hands-on experience in different film industries, has Sudeep understood it or is he yet to learn the nuances of the trade? “To understand cinema, one need not travel extensively. When knowledge is within you, you can learn where you are seated. Education doesn’t come from school, as it is inside you. It is just an awareness and one should know what kind of films people are watching,” he says. According to Sudeep, he is where he is because of his love for cinema. “I have never put stars across my name anytime.
I was driven to this field because of my madness towards cinema and not for stardom and that’s what kept me going,” he says. As far as choosing subjects, this actor goes by his instinct. “People who approach me know me and know my moods by now. They know the atmosphere I love to work in. Everybody is very accommodative,” he says. Talking about the significance of the story vis-a-vis the budget, Sudeep feels that budget has nothing to do with the story but the way you want to tell it.
“It is the extravagant scene or an atmosphere created to pull the audience with a mind-boggling song that raises the budget. It is the way you want to tell a story with every frame becoming rich. Now-a-days people want to see something very huge and nobody will pay a small amount to just go there and see a practical life and come out. It is all about how you offer entertainment,” he concludes.
Thursday, July 5, 2012
Wednesday, July 4, 2012
God particle': New particle found, could be the Higgs boson, CERN scientists say
what is higgs boson???
Monday, July 2, 2012
GOD PARTICLE FOUND???
LONDON: The elusive Higgs boson, or the " God Particle" that may solve the fundamental questions about the formation of the universe has been found, scientists are likely to announce on Wednesday.
The Organisation for Nuclear Research (CERN) is said to have invited five leading theoretical physicists to its next update in Geneva on the subatomic particle search, sparking speculation that the particle has been discovered.
It's expected that the scientists will say they are 99.99 per cent certain the particle has been found -- which is known as "four sigma" level, the Daily Mail reported.
Peter Higgs, the Edinburgh University emeritus professor of physics that the particle is named after, is among those who have been called to the press conference in Switzerland.
The management at CERN want the two teams of scientists to reach the "five sigma" level of certainty with their results -- so they are 99.99995 per cent sure -- such is the significance of the results.
Tom Kibble, emeritus professor of physics at Imperial College London, has also been invited but is unable to attend.
"My guess is that it must be a pretty positive result for them to be asking us out there," he told the Sunday Times.
The Higgs boson is regarded as the key to understanding the universe. Physicists say its job is to give the particles that make up atoms their mass.
Without this mass, these particles would zip though the cosmos at the speed of light, unable to bind together to form the atoms that make up everything in the universe, from planets to people.
The Large Hadron Collider, housed in an 18-mile tunnel buried deep underground near the French-Swiss border, smashes beams of protons -- sub-atomic particles -- together at close to the speed of light, recreating the conditions that existed a fraction of a second after the Big Bang.
If the physicists' theory is correct, a few Higgs bosons should be created in every trillion collisions, before rapidly decaying. This decay would leave behind a "footprint" that would show up as a bump in their graphs.
However, despite 1,600 trillion collisions being created in the tunnel, there have been fewer than 300 potential Higgs particles.
Now it is thought that two separate teams of scientists, who run independent experiments in secret from each other, have both uncovered evidence of the particle.
Sunday, July 1, 2012
Subscribe to:
Posts (Atom)