Old 2012-05-17, 20:29   #1
c10ck3r
DNS Hijack (moved from Server problems thread)

Rec'd this from the ABA, thought I'd warn the powers that be.

Infected Users to Receive Warning about July 9 'Internet Doomsday'
OpenDNS and CloudFlare have developed a message alert system to notify more than a half-million U.S. users that they are infected with the DNSChanger malware. Infected users will receive a message on their computer screen suggesting they likely have the DNSChanger malware and are then directed to an OpenDNS Web site which has instructions on how to switch DNS to OpenDNS's trusted servers. The FBI plans to shut down the server on July 9 to prevent infected PCs from reaching the Web. Users who don’t remove the malware by July 9 will have to load anti-virus software on their computers by disc or USB drive, which can be difficult for users who don't have access to a second PC for downloading anti-virus software. See the FBI's Web site for more information.
Old 2012-05-17, 20:44   #2
chalsall

Quote:
Originally Posted by c10ck3r View Post
Rec'd this from the ABA, thought I'd warn the powers that be.
I'm not entirely sure that's true. But then again, I wouldn't be surprised.

I personally do not trust OpenDNS. I don't like the fact that they answer authoritatively for domains which don't exist; the pages are covered with ads.

Google's DNS servers at least will say when they don't know the answer. 8.8.8.8 and 8.8.4.4.

Or, you can simply run your own DNS servers, and talk to the root servers.
Old 2012-05-17, 21:26   #3
c10ck3r

Quote:
Originally Posted by chalsall View Post
I'm not entirely sure that's true. But then again, I wouldn't be surprised.
(Snip snip)
Well, I assure you it was from the American Banking Association, who forwarded it to my employer (a member bank).
The FBI link is legit, and I made sure by accessing via the generic fbi.gov site before posting.
Old 2012-05-17, 22:06   #4
Dubslow

This isn't the first time I've heard about this; the FBI has been issuing warnings via various methods (including the news, I believe) for at least 6 months now. That's why I had no trouble believing this.
Old 2012-05-17, 22:54   #5
chalsall

Quote:
Originally Posted by c10ck3r View Post
Well, I assure you it was from the American Banking Association, who forwarded it to my employer (a member bank). The FBI link is legit, and I made sure by accessing via the generic fbi.gov site before posting.
OK.

My issue is I don't like how OpenDNS deals with resolution of domains which don't exist. According to RFC 2606, when a domain name server doesn't know the answer to a question, it should say so.

OpenDNS answers all DNS queries; those it doesn't know about it answers with the IP of a web server which starts with ads.

For example, from Unix, first querying OpenDNS:

Code:
[chalsall@burrow ~]$ dig @208.67.220.220 thisshouldnotresolve.com

; <<>> DiG 9.8.2-RedHat-9.8.2-1.fc15 <<>> @208.67.220.220 thisshouldnotresolve.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16219
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;thisshouldnotresolve.com.	IN	A

;; ANSWER SECTION:
thisshouldnotresolve.com. 0	IN	A	67.215.65.132
Then, asking Google's DNS:

Code:
[chalsall@burrow ~]$ dig @8.8.8.8 thisshouldnotresolve.com

; <<>> DiG 9.8.2-RedHat-9.8.2-1.fc15 <<>> @8.8.8.8 thisshouldnotresolve.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34873
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;thisshouldnotresolve.com.	IN	A

;; AUTHORITY SECTION:
com.			819	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1337294775 1800 900 604800 86400
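The two dig runs above are the whole argument: one resolver says NXDOMAIN, the other hands back an A record for a name that should not exist. As an added example (not from this thread or from any project it mentions), here is a Python parser for raw DNS replies that extracts what dig prints and flags that NXDOMAIN-rewriting behaviour, which is what makes such a resolver unreliable as a "does this name exist" oracle. The two messages are constructed to match the quoted replies.

```python
# Added example, not from the thread: parse raw DNS replies the way dig shows
# them above and flag a resolver that answers NOERROR plus an A record for a
# probe name that should not exist (NXDOMAIN rewriting). Messages are constructed.
import struct

RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                     # compression pointer, RFC 1035 4.1.4
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_reply(msg):
    """Return rcode, qname and answer/authority records as (name, type, ttl, rdata)."""
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    off += 4                                     # skip QTYPE, QCLASS
    records = []
    for _ in range(an + ns):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1 and rdlen == 4:            # A record: render as dotted quad
            rdata = ".".join(str(b) for b in rdata)
        records.append((name, rtype, ttl, rdata))
        off += rdlen
    return {"rcode": RCODE.get(flags & 0xF, "?"), "qname": qname,
            "answers": records[:an], "authority": records[an:]}

def rewrites_nxdomain(msg):
    """True when a should-not-exist probe gets NOERROR with an A record instead of NXDOMAIN."""
    r = parse_reply(msg)
    return r["rcode"] == "NOERROR" and any(t == 1 for _, t, _, _ in r["answers"])

QUESTION = b"\x14thisshouldnotresolve\x03com\x00\x00\x01\x00\x01"   # A? thisshouldnotresolve.com.
# Constructed to match the OpenDNS reply quoted above: NOERROR, one A record, TTL 0.
OPENDNS_REPLY = (b"\x3f\x5b\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" + QUESTION
                 + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x00\x00\x04\x43\xd7\x41\x84")
# Constructed to match the Google reply quoted above: NXDOMAIN, no answer, SOA for com. in authority.
SOA = (b"\x01a\x0cgtld-servers\x03net\x00\x05nstld\x0cverisign-grs\x03com\x00"
       + struct.pack("!5I", 1337294775, 1800, 900, 604800, 86400))
GOOGLE_REPLY = (b"\x88\x39\x81\x83\x00\x01\x00\x00\x00\x01\x00\x00" + QUESTION
                + b"\xc0\x21\x00\x06\x00\x01" + struct.pack("!IH", 819, len(SOA)) + SOA)
```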
Old 2012-05-17, 23:57   #6
bcp19

Quote:
Originally Posted by Dubslow View Post
This isn't the first time I've heard about this; the FBI has been issuing warnings via various methods (including the news, I believe) for at least 6 months now. That's why I had no trouble believing this.
I read something on this quite a while back, but it seemed most people didn't want to trust the FBI link, mainly due to paranoia about them finding stuff on their systems lol.
Old 2012-05-18, 03:30   #7
kladner

Quote:
Originally Posted by bcp19 View Post
I read something on this quite a while back, but it seemed most people didn't want to trust the FBI link, mainly due to paranoia about them finding stuff on their systems lol.
That, and I have gotten quite a few phishing-type emails which claim to be from the FBI, as well as from Hillary Clinton, and the usual Russian Oil Tycoons' Widows, HRM The Queen of England, and Nigerian Bankers. And besides, c10ck3r did verify the source. That does leave aside the question of how much faith you want to put into government pronouncements of the scary sort.

I'll try to gather some of my collection of amusing bogus emails and post them over at The Lounge, or wherever that thread is.

Old 2012-05-18, 04:11   #8
bcp19

Quote:
Originally Posted by kladner View Post
That, and I have gotten quite a few phishing-type emails which claim to be from the FBI, as well as from Hillary Clinton, and the usual Russian Oil Tycoons' Widows, HRM The Queen of England, and Nigerian Bankers. And besides, c10ck3r did verify the source. That does leave aside the question of how much faith you want to put into government pronouncements of the scary sort.

I'll try to gather some of my collection of amusing bogus emails and post them over at The Lounge, or wherever that thread is.
If I were in the affected group, I would not hesitate to use the FBI assist, as I would simply go to the FBI website and look it up there rather than use an email link. Since I get dozens of PayPal alerts a month telling me that if I don't respond my account will be locked, I am used to not clicking email links (unless I am feeling ornery, in which case I use a username like ^$()*&#(^$ or @^$^@$^@ and the email stickit@yourrear.com). Then there's the millions I fail to collect from all my little-known relatives who have died in Africa; I've probably lost over a billion dollars so far. God, I must be crazy ;)
Old 2012-05-18, 05:14   #9
LaurV

That's bull. Especially the part with "access to a second computer to download antivirus software". You should have a good sleep and do nothing about it. To avoid any later remorse, you can eventually take ESET's NOD32 from the web; it is free for 30 days (and you can reinstall it every 30 days, if you can't afford 25 bucks per year per 3 computers). It has been the best on the market for 12 years (most VB100 awards), according to Virus Bulletin. I have been using it for more than 16 years (licensed) without any headache in all this time; it is faster than all competitors who can rival it in strength and much stronger than all the others who can't. It has one of the best heuristics I have seen (I know what I am talking about, I did thousands of tests, and I proudly own a "small virus collection" with over 30 thousand virus families).
Old 2012-05-18, 05:34   #10
PageFault

How about responsible use of the intarweb ... 25 years here, only 1 virus, which was removed as a still dormant trojan ... that was 12 years ago. Any time you see "click here for free money / pr0n / whatever", head for the hills ...

Symantec does it for the rest ...