Avoid Monday Internet shock

• M the name

  6 Jul 12, 01:42

  FBI sends world-wide warning about computer virus

   

  Avoid Monday Internet shock

   

  REPORT: DAVID SUN

   

  COME Monday, you might find your computer unable to connect to the Internet, that is if you don't do something about it soon.

    The reason: You could be one of an estimated 300,000 users around the world who have been hit by a malicious software (malware) called DNSChanger.

    Singtel and Starhub have sent out notices to inform Singapore users of the possible problems they might face.

    A Singtel spokesman said the company had sent an e-mail late last month, alerting the customers to the risks of the DNSCharger virus.

   

  Scan

   

  "We advised our customers to scan their computers for the virus using web security software and to restore DNS (Domain Name System) settings if required."

    An email from Starhub sent out yesterday provided some background information on the issue as well as a link to visit which provides more information.

    The normal process that happens when you type in an address to a page is changed when the computer is infected by DNSChanger.

    What usually happens is when a user types in an address, it then gets sent to a DNS server which then directs you to the site, which is a string of numbers.

    When infected by DNSChanger, the address keyed in is sent to a bogus server, directing you to malicious sites dressed up like the usual ones.

    "DNSChanger is a malware that changes a user's DNS settings, a capability that allows cyber criminals to direct unsuspecting users to fraudulent websites and interfere with their web browsing activities," said a spokesman for Singapore Computer Emergency Response Team (SingCERT).

    "However, this risk has been mitigated as the FBI (Federal Bureau of Investigation) has taken control of the DNSChanger's surrogate DNS servers," said the spokesman.

    The FBI shut down the ring of cyber criminals responsible in November last year.

    The bogus DNS servers were then fixed and maintained by the Internet Systems Consortium (ISC), allowing users to be directed to the correct sites instead of the malicious ones. However, these fixed servers will be shut down on Monday, July 9.

    This means that the addresses keyed in by users still infected will be sent to an offline server, leaving them unable to access the Internet.

    According to Symantec, the largest maker of security software for computers, there are at least 300,000 computers still being redirected to the rogue DNS servers, down from four million computers in November last year.

    You are advised to check your computer and find the appropriate solutions should it be infected. (See report at right.)

   

  • How do I know if I have been infected?

  Before July 9, users can check if their computers are affected by visiting one of the following sites:

  • www.dns-ok.us/

  • www.dns-ok.gov.au/

  • forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

  
  • What can I do if infected?

  If your computer is infected, you can follow instructions on the above sites or go to the following sites for free tools to remove DNSChanger:

  • www.singcert.org.sg/dnschanger.html

  • www.dcwg.org/fix/

  
  • If I get cut off on July 9, what can I do?

  After July 9, affected Singapore users are advised to approach their respective ISPs for assistance, or access SingCERT website at

  • 61.8.254.35/dnschanger.php

  
  • How do I prevent this from happening again?

  Internet users can visit www.singcert.org.sg and www.gosafeonline.sg for more information on how to secure their computers against cyber attacks and other cyber security related information.

   

  • Answers provided by a spokesman for the Singapore Computer Emergency Response Team (SingCERT).

   

   

  News, The New Paper, Thursday, July 5 2012, Pg 12