
Yet another threat to your PC, but this one looks to be real...

Max the Magnificent - May 01, 2012

I'm so used to receiving fake "doom and gloom" emails from family, friends, and colleagues who have just been caught up in the "Internet threat du jour" that it comes as something of a surprise to run across a real, legitimate menace...

I tell you, I'm becoming very suspicious these days. You really have to be distrustful because the "bad guys" are becoming more and more subtle. For example, I immediately trash any "Your PayPal account has been limited" type messages without even thinking about it, but I was almost caught by a Phishing scam a couple of weeks ago.

The message in question seemed so "real" and "non-threatening." It was addressed to me personally. It explained that they were a charity who simply collects secondhand (but still serviceable) socks and distributes them to the homeless. It also noted that they were just starting to move into my area (and they named it), and it said that they would be working hand-in-hand with my local homeless shelter (and named that).

Since I actually contribute to the homeless shelter in question, I assumed that this was where the originators of this email had gotten my name, and I was just about to click on the link that purported to lead to a "Serviceable Socks" subpage (or something like that) on the local charity website when I thought to myself "Just a moment, let's not rush into anything here." So I looked at the source code for the HTML message and checked the actual hyperlink, which turned out to be nothing like what it was supposed to be.

Based on experiences like this, you can imagine my thoughts when I received an email that seemed to come from someone I know saying "Your computer may be infected and you may lose your Internet connection this summer." The first thing I did was bounce over to Snopes.com, which bills itself as "The definitive Internet reference source for urban legends, folklore, myths, rumors, and misinformation." Actually, the folks at Snopes deserve to strut their stuff a bit, because they do provide a valuable service (along with some annoying pop-up adverts).

When I instigated my search on Snopes I was expecting to find the usual "False" report on this threat, but instead I was taken to their In the News page where I found a brief spiel and a link to an article on PCMag.com titled "Avoid Internet Doomsday: Check for DNSChanger Malware Now" (Click Here to read this article).

Searching further, I found versions of this article all over the Internet, such as this one on the Denver Post website. The story in a nutshell is that a team of international hackers ran an online advertising scam to take control of infected computers. As part of this, they downloaded malicious software onto 500,000+ computers running Microsoft Windows around the world. In addition to disabling antivirus updates, this malware changed the way the computers sort out website addresses, thereby allowing the attackers to redirect computers to fraudulent versions of any website.

The good news is that the folks at the FBI caught the bad guys and put their own servers in place. What this means is that if your machine is infected, it might go a bit slower than usual (because your requests first bounce off the FBI servers), but you aren’t in any danger per se. The bad news is that the FBI are going to turn these servers off on 9 July 2012, at which time infected computers won’t be able to connect to the Internet. (I don’t know about you, but this would be a real bummer for me, because I rely on the Internet to get anything done).

But how do you know if your machine has been infected? Well, the FBI has a security partner at DCWG.org. If you visit this site, the first things you see are Detect and Fix buttons. If you click the Detect button you are taken to another page, which has links for different languages. I clicked the English link www.dns-ok.us and was rewarded with the following image informing me that my machine was OK.


I really like this because it's nice and simple. Had my machine been infected, the image background would have been in red, in which case I would have returned to the DCWG.org home page and clicked the Fix button.

I particularly like the fact that they've added "DNS Resolution = Green" under the image, because this means that they have a clue and the site also works for users who are red/green color blind.

Of course, when you see something like this, you always have a niggling worry in the back of your mind that it could itself be a Phishing scam...

