buglerbilly
11-11-11, 10:25 AM
Via Tactical Fanboy blog...
November 10th, 2011
Four million computers involved. Whoa.
The FBI has taken down a huge botnet; it’s being called the biggest cybercriminal takedown in history. Four million computers involved. Basically a botnet from Estonia (which may have the dubious distinction of being the first country attacked in cyberwarfare a few years back) was hijacking the DNS settings of victim computers so it could control where victim computers would be sent to. DNS, aka: Domain Name System, is what tells your computer where Internet and network resources are. You type in www.google.com and through DNS, your computer finds out the IP address that is used by www.google.com. So if you control what location information is sent to computers then you can direct them where you actually want them to go e.g. porn sites, sites selling malicious software posing as security applications, phishing websites, etc.
FBI takes down largest cybercriminal organization in history
November 10th, 2011
BOLO Report (LEO blog)
The FBI has taken down a huge botnet; it’s being called the biggest cybercriminal takedown in history. Four million computers involved. Basically a botnet from Estonia was hijacking the DNS settings of victim computers so it could control where victim computers would be sent to. DNS, aka: Domain Name System, is what tells your computer where Internet and network resources are. You type in www.google.com and through DNS, your computer finds out the IP address that is used by www.google.com. So if you control what location information is sent to computers then you can direct them where you actually want them to go e.g. porn sites, sites selling malicious software posing as security applications, phishing websites, etc.
More information on the takedown:
http://blog.trendmicro.com/esthost-taken-down-%E2%80%93-biggest-cybercriminal-takedown-in-history/
http://countermeasures.trendmicro.eu/how-to-check-if-you-are-a-victim-of-operation-ghost-click/
http://www.computerweekly.com/Articles/2011/11/10/248414/FBI-takes-down-botnet-of-four-million-computers-in-Operation.htm
There are so many victims that the FBI has set up a site to see if your computer is affected. Basically you find out what IP address(es) your computer uses for DNS resolution and put that IP into the FBI tool. It then tells you if your computer was affected. Here’s the site:
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS
Here is the official statement from the FBI:
http://www.fbi.gov/newyork/press-releases/2011/manhattan-u.s.-attorney-charges-seven-individuals-for-engineering-sophisticated-internet-fraud-scheme-that-infected-millions-of-computers-worldwide-and-manipulated-internet-advertising-business
Additional information from Symantec:
http://www.symantec.com/connect/blogs/dnschanger-fraud-ring-busted
If anyone needs advice on how to find out what DNS addresses they use, they should just google for instructions or call their Internet Service Provider. People who use a home router for multiple computers should consult the instructions that came with their device.
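The check described in the post (find the DNS server addresses a machine uses, then compare them against the known rogue addresses), as an added Python example that is not part of the original post or the FBI tool. The post does not list the rogue ranges, so `ROGUE_RANGES` holds placeholder documentation blocks; the function names are hypothetical and the input is assumed to be resolv.conf-style text.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation blocks), NOT the real rogue
# DNS ranges: substitute the ranges published for the takedown.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/24")]

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# constructed sample resolver configuration
search example.lan
nameserver 192.0.2.53
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver not-an-address
"""

def nameservers(resolv_conf_text):
    """Return the IP addresses on 'nameserver' lines of resolv.conf-style text."""
    found = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop an IPv6 zone suffix such as "%eth0" before parsing.
                found.append(ipaddress.ip_address(parts[1].split("%")[0]))
            except ValueError:
                continue  # malformed entry: skip it rather than guess
    return found

def classify(ip):
    """Label one resolver address: rogue, local-forwarder, or not-listed."""
    if any(ip in net for net in ROGUE_RANGES):
        return "rogue"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        # The machine asks a local device (typically the home router) for
        # DNS, so this address alone says nothing about the upstream server.
        return "local-forwarder"
    return "not-listed"

def check(resolv_conf_text):
    """Return (address, verdict) pairs for every configured resolver."""
    return [(str(ip), classify(ip)) for ip in nameservers(resolv_conf_text)]

if __name__ == "__main__":
    for address, verdict in check(SAMPLE):
        print(f"{address:<15} {verdict}")
```

A `local-forwarder` verdict means the DNS addresses to compare against the list are the ones configured on the router itself, which is why the post points home-router users to their device instructions.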