FBI Warns of possible hacking.... this might be a biggie!

This is a discussion on FBI Warns of possible hacking.... this might be a biggie! within the Photography Tips forums, part of the PHOTO FORUM category.


  #1 Senior Member (Join Date: Feb 2012; Posts: 313; PHOTO EDITING NOT OK)

    FBI Warns of possible hacking.... this might be a biggie!

    Check your own system out! Malware may take you to rogue sites without your knowledge.

    Details here.
    Sick of all the spam and advertising. I'm done here.


  #2 Super Moderator (Join Date: Dec 2010; Location: Michigan, USA; Posts: 1,320; PHOTO EDITING OK)
    Equipment: Canon 5D mk II, EF 14mm f/2.8L II, TS-E 24mm f/3.5L II, EF 24-70mm f/2.8L, EF 70-200mm f/2.8L IS, EF 100mm f/2.8L Macro IS, EF 135mm f/2L, EF 300mm f/2.8L IS, Speedlite 430EX II, 5380EX II
    I actually know someone who got bit with this malware several years ago. He called for help because his PC was acting up and I found and fixed the problem (it was actually pretty easy to remove.)

    But when I saw the articles on this, I had to wonder... why would the FBI bother to turn the rogue DNS server into a server which behaves normally? Wouldn't the better solution take advantage of the rogue DNS server to point all queries to a page that says: btw, you need to remove some malware from your PC.

    That way owners of infected machines would at least know they have a problem.
    Tim Campbell

  #3 Senior Member (Join Date: Feb 2012; Posts: 313; PHOTO EDITING NOT OK)
    Quote Originally Posted by TCampbell:
    I actually know someone who got bit with this malware several years ago. He called for help because his PC was acting up and I found and fixed the problem (it was actually pretty easy to remove.)

    But when I saw the articles on this, I had to wonder... why would the FBI bother to turn the rogue DNS server into a server which behaves normally? Wouldn't the better solution take advantage of the rogue DNS server to point all queries to a page that says: btw, you need to remove some malware from your PC.

    That way owners of infected machines would at least know they have a problem.
    The key to the scam is the computer owners DON'T know they're infected.
    Sick of all the spam and advertising. I'm done here.

  #4 Super Moderator (Join Date: Dec 2010; Location: Michigan, USA; Posts: 1,320; PHOTO EDITING OK)
    Equipment: Canon 5D mk II, EF 14mm f/2.8L II, TS-E 24mm f/3.5L II, EF 24-70mm f/2.8L, EF 70-200mm f/2.8L IS, EF 100mm f/2.8L Macro IS, EF 135mm f/2L, EF 300mm f/2.8L IS, Speedlite 430EX II, 5380EX II
    I mentioned I have a friend who had this problem (I've long since cleaned it out of his PC) -- but this was back when the rogue DNS servers were active and sending out bad addresses.

    He gave me an example to illustrate the problem. I'll describe it.

    He visited Google.com and typed in a search query for "Ford". A top hit from Google was (not surprisingly) the "Ford Motor Company" website. The Google search results looked completely normal. ALSO... he got the same search results I got when performing the search on a non-infected computer. I even inspected the page contents (I displayed the source HTML and compared it). They really were normal.

    He then followed the first link to take him to the "Ford Motor Company" but instead of ending up at the Ford Motor Company, he ended up at some other website (and the money-making angle of the scam is that they were using these infected computers to drive click-stream revenue from ads... so owners of businesses which were legitimately paying to have ads placed THOUGHT they were getting interested customers coming to their websites and were having to pay the ad agency (which was really involved in the scam) for each user who "clicked" the ad). The truth was, these users did NOT click any ads. The DNS servers routed the computer through in such a way that only made it seem like the end-users were coming to their site voluntarily.

    Basically, he KNEW his computer was infected with something. He just didn't know what it was or how it got there.

    I work in the industry and have a pretty deep knowledge of network stacks. So I did a few tests on his PC and realized straight away that the only thing wrong with his PC was that he was pointing at a DNS server which was NOT the DNS server his ISP wanted him to use (you can configure a PC to point at any DNS server on the Internet.) A few tests with DNS query tools (using, for example, 'nslookup' commands) revealed that the IP addresses he got back and the answers I got (on a non-infected machine) were NOT the same. I knew he was pointing at a rogue server.

    I did a bit of research and about 5 minutes later the malware was gone (it was just a script installed which, upon boot, would always alter the DNS server to point at the rogue server. I only needed to delete the script and then fix the DNS setting in Windows to point back to the server the ISP was hosting for DNS.)

    Had it not been for the FBI fix, users would know their computers were acting strangely when trying to visit websites.

    My suggestion was, since the current FBI "fix" unfortunately completely masks the problem, that a better fix might be to make it completely obvious to the user that they have a problem and also provide information on how a semi-technical person can fix it themselves or how a non-technical person can get help. I'm sure Best Buy's "Geek Squad" would gladly fix the problem for someone willing to pay. But the steps required to clean the malware were easy enough that anyone familiar with opening a DOS "cmd" prompt could very easily type a few commands to remove it -- and that would be free.
    Tim Campbell
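The check Tim describes in the post above has two parts: confirm that the machine is using the resolver its operator expects, and compare the answers the configured resolver gives with answers from a trusted machine. The script below is an added example by the editor, not code from the thread or from any of its posters. It reads a resolv.conf-style resolver list (a Unix format chosen so the example runs anywhere; on Windows the same information lives in the adapter's DNS settings), treats a hypothetical ISP range and loopback as the only acceptable resolver networks, and compares two constructed sets of lookup answers standing in for the nslookup output from an infected and a clean host. Every address and name in it is a documentation-range placeholder, not a real indicator of the malware discussed.

```python
"""Audit a host for a hijacked DNS configuration of the kind described in
the thread: a resolver the operator never configured, and answers from
that resolver that disagree with a trusted one.  All inputs are constructed
samples; nothing is looked up over the network."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed resolver configuration (resolv.conf style).  Both addresses
# are documentation-range placeholders: the first plays the ISP resolver,
# the second plays the resolver the malware pointed the host at.
SAMPLE_RESOLV_CONF = """\
# Generated by a (hypothetical) DHCP client
search example.net
nameserver 192.0.2.53
nameserver 203.0.113.7
options timeout:2
"""

# Networks a resolver is allowed to live in: a hypothetical ISP range plus
# loopback for a local caching resolver.  Adjust for the real environment.
EXPECTED_RESOLVER_NETS = ["192.0.2.0/24", "127.0.0.0/8"]

# Constructed answers, as if gathered with nslookup on a clean machine
# (trusted) and on the suspect machine (configured).
TRUSTED_ANSWERS: Dict[str, Set[str]] = {
    "www.example.com": {"198.51.100.10"},
    "ads.example.org": {"198.51.100.20"},
}
CONFIGURED_ANSWERS: Dict[str, Set[str]] = {
    "www.example.com": {"203.0.113.99"},   # redirected to a different host
    "ads.example.org": {"198.51.100.20"},  # unchanged
}


def parse_resolvers(resolv_conf: str) -> List[str]:
    """Return the nameserver addresses listed in resolv.conf-style text,
    ignoring comments and unrelated directives (search, options, ...)."""
    found = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"nameserver\s+(\S+)$", line)
        if m:
            found.append(m.group(1))
    return found


def unexpected_resolvers(resolvers: List[str], expected_nets: List[str]) -> List[str]:
    """Resolvers that fall outside every expected network.  A malformed
    entry is reported too, since it cannot be accounted for either."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    bad = []
    for r in resolvers:
        try:
            addr = ipaddress.ip_address(r)
        except ValueError:
            bad.append(r)
            continue
        if not any(addr in n for n in nets):
            bad.append(r)
    return bad


def disagreeing_names(trusted: Dict[str, Set[str]],
                      configured: Dict[str, Set[str]]) -> Dict[str, Tuple[List[str], List[str]]]:
    """Names whose answer set from the configured resolver differs from the
    trusted resolver's answer set (the comparison Tim did by hand)."""
    diffs = {}
    for name, want in trusted.items():
        got = configured.get(name, set())
        if set(got) != set(want):
            diffs[name] = (sorted(want), sorted(got))
    return diffs


def audit(resolv_conf: str, expected_nets: List[str],
          trusted: Dict[str, Set[str]], configured: Dict[str, Set[str]]) -> List[str]:
    """Run both checks and return human-readable findings (empty = clean)."""
    findings = []
    for r in unexpected_resolvers(parse_resolvers(resolv_conf), expected_nets):
        findings.append(f"resolver {r} is outside the expected networks")
    for name, (want, got) in disagreeing_names(trusted, configured).items():
        findings.append(f"{name}: trusted resolver says {want}, configured resolver says {got}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVER_NETS,
                         TRUSTED_ANSWERS, CONFIGURED_ANSWERS):
        print("FINDING:", finding)
```

On the constructed input the audit reports two findings: the second resolver is outside the expected networks, and www.example.com resolves differently on the two hosts. A clean result from the resolver check alone is not enough, which is why the answer comparison is kept as a separate step: the post notes that the rogue server answered most queries correctly and only diverged for the names the operators wanted to redirect.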

