July 9: Are you well prepared?

July 09, 2012 12:36 am IST

Malware threat on Monday: More than 30,000 infected PCs in India may lose internet access from 9th July 2012.

The following information can help you protect yourself from the disastrous incident:


Q: What does DNS stand for?
The Domain Name System (DNS) is a naming system for computers or any other resource connected to the Internet.

It converts a user-friendly domain name into numerical addresses which help the computers to connect to each other. When you enter the name of a website in the address bar, the DNS servers figure out the IP address for the website, which in turn is used to locate and connect to the website.

Q: What is a DNS changer?
It is a type of malware used by hackers to change a user's DNS server settings, replacing the ISP's valid DNS servers with rogue DNS servers operated by a hacker. 

Q: What else can a DNS changer do?
A DNS changer can also bring an undesirable change to the other computers on a network by affecting just one of them.

Q: What is a Rogue DNS server?
A bad DNS server operated by a cyber criminal (hacker) is technically called a rogue DNS server.

Q: What is DNS spoofing?
It is an attack in which a hacker makes changes to a DNS name server's cache database. This changes the path of a website request and diverts the traffic to another computer/server, mostly that of the hacker.

Q: How to help/prevent such issues?
1) OpenDNS, a DNS resolution service, can be used to add features like phishing protection and optional content filtering.
2) DNS Advantage, a proprietary opt-in service, provides DNS resolution and blocks malicious or questionable websites.
3) Free public DNS services like Norton DNS and Google Public DNS can also be good options as they offer well-secured connections.
4) The Internet Engineering Task Force (IETF) provides Domain Name System Security Extensions (DNSSEC) for securing certain kinds of information provided by the DNS as used on IP networks.


Q: I have heard about Domain hijacking. Please tell me about that.
Domain hijacking or domain theft involves changing the registration of a domain name without the permission of its original registrant. Additionally, the hijacker can use the domain name to facilitate illegal activity such as phishing, where a website is replaced by an identical website that records private information such as log-in passwords.


Q: Am I in a trap?
Though there are professional services available in the market, you can also do some self-help.
1) For a Windows computer, open a command prompt. This can be done by selecting Run from the Start Menu and entering cmd.exe

2) At the command prompt, enter: ipconfig /all
Look for the entry that reads DNS Servers.

3) The numbers on this line and the line(s) below it are the IP addresses for your DNS servers. These numbers are in the format of nnn.nnn.nnn.nnn, where nnn is a number in the range of 0 to 255. Make note of the IP addresses for the DNS servers and compare them to the table of known rogue DNS servers. If the IP addresses of your DNS server appear in the table below, then the computer is using rogue DNS.

4) Rogue DNS Servers Table: To make the comparison between the computer's DNS servers and this table easier, start by comparing the first number before the first dot. For example, if your DNS servers do not start with 85, 67, 93, 77, 213, or 64, you can move on to the next step. If your servers start with any of those numbers, continue the comparison.
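
Steps 2 to 4 can also be scripted. The Python below is an added example, not part of the original article: it parses English-language `ipconfig /all` output, collects every address on the DNS Servers line and the lines below it, and flags the ones whose first number is on the list in step 4. The sample output and the address 64.0.0.53 are constructed for illustration and are not taken from the rogue-server table.

```python
import ipaddress
import re

# First numbers listed in step 4; only these need the full table comparison.
SUSPECT_FIRST_OCTETS = {85, 67, 93, 77, 213, 64}
DNS_LABEL = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S*)")

# Constructed sample of English-language `ipconfig /all` output (not real data).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 64.0.0.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : fe80::1%11
                                       8.8.8.8
"""

def _parse_ip(text):
    """Return an ip_address object for text, or None if it is not an address."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None

def dns_servers(ipconfig_output):
    """Collect every address on a 'DNS Servers' line and the line(s) below it."""
    servers, collecting = [], False
    for line in ipconfig_output.splitlines():
        match = DNS_LABEL.match(line)
        if match:
            ip = _parse_ip(match.group(1))
        else:
            ip = _parse_ip(line) if collecting else None
        # Continue only while lines are the label itself or a bare address.
        collecting = bool(match) or ip is not None
        if ip is not None:
            servers.append(ip)
    return servers

def needs_table_check(servers):
    """IPv4 servers whose first number is on the step 4 list (pre-screen only)."""
    return [str(ip) for ip in servers
            if ip.version == 4 and ip.packed[0] in SUSPECT_FIRST_OCTETS]

if __name__ == "__main__":
    found = dns_servers(SAMPLE)
    print("DNS servers:", ", ".join(map(str, found)))
    print("Compare against the rogue table:", needs_table_check(found) or "none")
```

A flagged address is not proof of infection; it only means the full comparison against the rogue DNS server table is still needed for that address.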

Q: Oh! My God, I just found that my computer is infected. How to help the issue?

A: 1. Call IT support, if available.
2. Disconnect your computer from the Internet to prevent any further loss.
3. Back up your important files.
4. Scan your computer.
5. Reinstall your operating system, in case step 4 does not help you out.
6. Restore your files: If you created a backup in Step 3, you can now restore your files. Before placing the files back to the computer, you should scan them with your anti-virus software to check them for known viruses.