Monday, March 5, 2012

Goodbye Internet


Come March 8, the Internet could stop working for millions of users because of a virus, DNSChanger, which has corrupted millions of computers in more than 100 countries.

Though the US Federal Bureau of Investigation (FBI) has shut down the rogue DNSChanger network and put up surrogate servers following a US court order, it has the mandate to run the temporary network only till March 8.

Unless the FBI obtains a fresh order, the network will be turned off, resulting in millions of computers worldwide no longer having Internet access.

In November 2011, six Estonian nationals were arrested for running a sophisticated Internet fraud ring that infected millions of computers worldwide with DNSChanger, which enabled them to manipulate the multibillion-dollar Internet advertising industry.

This virus also made computers vulnerable to a host of other viruses. The criminals are said to have siphoned off $14 million, but the amount could be much larger because banks are typically reluctant to reveal how much they have lost. The two-year FBI investigation was code-named Operation Ghost Click.

What is DNS?

DNS stands for Domain Name System. It is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other.
DNS and DNS Servers are a critical component of your computer’s operating environment. 

Without them, you would not be able to access websites, send e-mails or use any other Internet service.

When you enter a domain name, such as www.abc.com, in your web browser’s address bar, your computer contacts DNS servers to determine the site’s IP address. Your computer then uses this IP address to connect to the website.

DNS servers are operated by your Internet service provider (ISP) and are included in your computer’s network configuration.

What is DNSChanger?

A small file of about 1.5 kilobytes, DNSChanger is a Trojan that changes the infected system’s DNS settings in order to divert traffic to unsolicited and potentially illegal sites.

This Trojan is designed to change the “NameServer” Registry key value to a custom IP address, which is usually encrypted in the body of the Trojan.

By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website or interfere with that user’s online web browsing.

DNSChanger malware causes a computer to use rogue DNS servers in one of two ways.

First, it changes the computer’s DNS server settings to replace the ISP’s good DNS settings with rogue DNS IP addresses operated by the criminal.

Second, it attempts to access devices on the victim’s office or home network that run a dynamic host configuration protocol (DHCP) server (for example, a router). 

The malware attempts to access your router using common default user names and passwords. These are usually “admin” and “admin” respectively.

It converts the genuine DNS settings these devices use to rogue DNS settings operated by the criminals. This is a change that impacts all computers on the corporate network, even if individual computers are not infected.

One consequence of the FBI disabling the rogue DNS network is that victims who unknowingly access the Internet through rogue servers could lose access to the Internet altogether.

So the FBI got a court order allowing them to replace the rogue servers with legitimate stand-ins. The FBI was told to educate the public and Internet Service Providers about the DNSChanger malware.

If your ISP’s DNS server is infected, you, too, will be affected. How do you know if your computer is infected? It is best to have it evaluated by a professional.

You can also check it yourself in Windows 7 by going to the Start menu, typing Run and then cmd. At the command prompt, enter: ipconfig /all. Look for the entry that reads “DNS Servers……….”

The DNS numbers are in the format of nnn.nnn.nnn.nnn, where nnn is a number from 0 to 255. Make note of the IP addresses for the DNS servers and compare them to the table of known rogue DNS servers.
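The comparison described above can be automated. The following is an added example, not part of the original article: it pulls every DNS server out of `ipconfig /all` text, including the extra servers Windows prints on unlabelled continuation lines, and flags those inside a rogue range. The ranges are placeholders from the RFC 5737 documentation blocks, the sample output is constructed, and the function names are this example's own.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation blocks); substitute the published table.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]
DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)")
# Constructed sample of `ipconfig /all` output, not captured from a real host.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       192.168.1.1
"""

def _parse_ip(text):
    """Return an ip_address (IPv6 zone suffix dropped), or None."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Yield (adapter, address) for every DNS server listed per adapter."""
    adapter, in_dns = None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip().rstrip(":"), False
            continue
        m = DNS_LINE.match(line)
        # First server sits on the labelled line; the rest follow on bare lines.
        ip = _parse_ip(m.group(1)) if m else (_parse_ip(line) if in_dns else None)
        in_dns = ip is not None
        if ip is not None:
            yield adapter, ip

def check(ipconfig_text, rogue=ROGUE_RANGES):
    """Return [(adapter, address, is_rogue)] for each DNS server found."""
    return [(a, str(ip), any(ip.version == n.version and ip in n for n in rogue))
            for a, ip in dns_servers(ipconfig_text)]

if __name__ == "__main__":
    for adapter, addr, bad in check(SAMPLE):
        print(f"{'ROGUE' if bad else 'ok':5}  {addr:20} {adapter}")
```

A flagged entry on every adapter, or a flagged address that is also the default gateway's own DNS setting, suggests the change was made on the router rather than on the individual computer.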

If you are using a Mac, click on the Apple symbol in the top left corner and choose System Preferences, then Network and click on the Advanced button. Choose the DNS tab on top to show the DNS servers you are using.

There is a special website to check if your ISP’s DNS requests are made to the right places: http://www.dns-ok.de

This site will tell you whether or not you are affected by the DNSChanger malware.

What will happen after March 8?

According to the FBI, it will shut down the surrogate DNS servers over a period of four months, affecting millions of users who are still using rogue DNS addresses.

If your PC is infected by rogue DNS, you can use the Avira DNSRepair tool. Download it from: www.avira.com/files/support/FAQ_KB_Download_Files/EN/AviraDNSRepairEN.exe.

Mac users should just make sure they are using the correct DNS, and check their computers thoroughly for other malware.




Courtesy: The Telegraph, Kolkata.


RBI hints at another CRR cut, also rules out SLR reduction


The Reserve Bank on Monday hinted at another reduction in the Cash Reserve Ratio (CRR) of banks to ease the severe liquidity in the system but ruled out a cut in the Statutory Liquidity Ratio (SLR), saying that such a move will not create any additional cash flow.

“Space for (more) CRR cut still exists as we need to see significant fall in aggregate deficit,” RBI Deputy Governor Subir Gokarn told reporters on the sidelines of a function. He did not indicate any timeline for the cut.

Gokarn, however, ruled out any cut in the SLR, saying, “Reducing SLR will not create any additional capacity in the system at this point of time, because there is surplus.

If SLR is close to the limit, then a reduction is possible, and may have created capacity. But given the situation all instruments are on the table.”

On January 24, RBI had cut CRR by 0.5 percentage points to 5.5 per cent, releasing Rs 32,000 crore into the system. Since then, the fund crunch has only worsened.

Last Thursday, the strain on the system rose to a high of Rs 1.02 lakh crore. And going forward it will only increase, as by March 15 companies will have to make advance tax payments, which will drive out Rs 60,000 crore from the system.

Another Rs 12,000 crore is likely to go out of banks due to the ONGC auction last week and companies will drain a similar amount out on account of excise duty payment.

Stating that liquidity deficit is partly structural and partly temporary, Gokarn said, “Current call rates suggest that things are relatively stable (since) there is arbitrage in the market.

“Banks which have surplus SLR can borrow at the LAF (liquidity adjustment facility) and lend through call (money) market to banks which do not have excess SLR. So, the fact that SLR is skewed is not a cause of concern.”