Tuesday, 24 April 2012

Problems on the internet

In the last few days a message headed "WASHINGTON (AP) — For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer" has been doing the rounds.

Hopefully people are now becoming more aware of hoax messages and view such scaremongering headlines with caution. However this one is the real thing and my purpose in brining it to people's attention is twofold:

1. What do you do when you see scary messages like this (and perhaps receive them as emails)?
2. What to do about this one in particular.

Check for DNSChanger Malware

Taking the second of these first, this post concerns the internet Domain Name System (DNS), which is the mechanism that allows internet addresses to work. Underlying the friendly Web addresses such as is the numeric IP address that the internet really uses (an IP address looks like this: If the DNS system stops working properly, e.g. if it directs you to the wrong address, this could have disastrous effects, and that is exactly what will happen if your PC (or Mac) is infected with a Trojan called DNSChanger.

A report on the FBI Web site states "To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time."

What this means is that the actual DNS servers around the world will not be affected, but people whose PCs (or Macs) are infected could either cease to work properly (for accessing Web sites), or could get directed to the wrong sites without knowing.

There is a quick way of detecting whether you are infected: the site DNSChanger Eye Chart. If the user on an infected computer goes to the site, the image on the page is displayed with a red background. If the machine is clean, the image has a green background. The eye chart will also show a red image if the home router is infected, even if the computer itself is clean. If your computer is infected, you can get information about what to do here, on the DCWG Web site.

What to do about scary messages

But what should you do if you receive scary messages like the one I quoted above? How can you find out if they are genuine?

Well two things you should definitely not do are:

  1. Click on any links in the suspect message; 
  2. Send the warning to all your friends.

Instead, do a bit of research first, and here are some tips about what you can do:

Use some of the many security warning Web sites to check for recent notices - if the issue is valid you will probably find it confirmed there. Here are some you can try:

Don't just look up one of these, search on two or three of them. If they all confirm (or deny) the issue, then you can be pretty sure the information you have is correct.

If the message turns out to be a hoax, simply delete it or add it to your spam filter. Do not forward it to anyone. If you want to alert your friends, send them a separate email with a summary of the issue and the information you have discovered.

No comments:

Post a Comment