Major Computer Virus Situations.

A topic for posting info about major computer virus situations, which ordinary users might not know how to deal with.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Internet 'Doomsmday' 9th July 2012 -- The DNS Changer Virus.

A virus has been circulating on the Internet which affects Windows, Macs and Mobile Smartphones; the virus changes the settings in your computer/phone so that it no longer uses the DNS server entry supplied by your broadband supplier, but one run by cyber criminals.

DNS servers provide to the internet the same sort of service that Directories enquiries provide to the ordinary telephone system i.e. they convert the name you are seeking into the corresponding number.

For certain web sites, the fake DNS servers gave you a fake number instead, which sent you to a criminals webpage, which worked as normal, but could have been stealing information and advertising revenue from you.

The FBI caught the criminals and shut down the fake DNS servers, by substituting a real DNS server for each of the fakes, however they do not want the expense of running them for ever and proposes to shut them off on the 9th July 2012.

See Telegraph article, which somewhat exaggerates the problem. http://www.independent.co.uk/life-style/gadgets-and-tech/news/fbi-warns-virus-victims-face-internet-doomsday-7676060.html

The difficulty is that IF AND ONLY IF, your computer was at some time infected by this virus, after 9th July it will still be trying to use the faked DNS server addresses and so won't be able to connect to any named place on the Internet. It will be like trying to make a phone call with no phone-book and no Directory Enquiries.

So if you have any suspicion that you might have been infected you should test your computer BEFORE July 9th.

For more information and how to test, please visit my support web-page, because I don't want to have to keep repeating this stuff on lots of forums that I frequent.

http://www.datahighways.net/support/topic.asp?topic_id=336&forum_id=19

billwill, fighting bastards since some point gone by.

Thanks for the info though.

I do wish I knew what this meant.

Quote: Chappers @ April 27 2012, 12:00 AM BST

I do wish I knew what this meant.

View original

OK, lets have another go at explaining:

When you click on an Internet link, or type in an internet address, you are usually typing in a NAME of a web page, such as www.comedy.co.uk

But the Internet actually works on NUMBERS (called IP addresses) just like telephones only work with numbers. So behind the scenes, when you click a link containing a NAME, your computer browser program (such as Internet Explorer or Firefox) first of all has to look up the numeric address. It does this by consulting a service (for which it already knows the numeric address) {just like you might call directory enquiries to get a phone number, you have to KNOW the actual number of the Directory Enquiries service; 118 500 for BT, I think}.

The Internet look-up facility service is called the "Domain Name Service" DNS and is provided by DNS servers (computers which have whacking great lists of names and their numbers). There are lots of them (all back linked to each other to automatically keep the lists up-to-date). Normally any user uses the DNS server provided by his/her broadband supplier, who has supplied to the user the actual NUMERIC address (not the name) of the 'local' DNS server. If a computer does not know a valid numeric address for a valid DNS server, it is impossible for that computer to visit any NAMED web page, because it will not be able to look up the corresponding numeric address of the web page.

The "DNS Changer virus" on an infected computer interferes with that internal recorded number of the DNS server provided by the broadband supplier. The FBI & Estonian authorities removed the fake servers and substituted valid ones so the infected computers continued to work, but when they close down those temporary DNS servers on July 9th any infected computers will need to reset their internal copy of the numeric address to that of a valid DNS server.