Is your DNS server secure or compromised?
Table of Contents
If you don’t know what DNS Exchanger is, please see my previous post below.
post/2012/02/14/DNSChanger-Malware.aspx
The Australian Government now has a website that will check your DNS server to let you know if it is safe. Let’s check how safe your DNS settings are by clicking the URL. (or click here).
Learn more about malware on the FBI website
What is it?
Numerous pornographic websites have been spotted the DNSChanger Trojan Horse (also known as OSX.RSPlug.A, OSX/Puper and OSX/Jahlav.C). This Trojan Horse disguises itself as a video codec. DNSChanger, once installed, changes the DNS settings of the computer and redirects the user to malicious websites. Identity theft can occur if personal information is stored on these malicious websites.
Is DNSChanger spyware?
Yes. Due to the fact that DNSChanger Trojan Horse tricks the user and alters the information requested with altered data, it is classified as spyware as well.
Topher Kessler’s great article
The FBI will shut down a network DNS servers that many people depend on for Internet access. These servers were originally part of a fraud in which an Estonian crime ring distributed a malware package called DNSChanger. The FBI then seized the DNS servers and converted them to a legitimate DNS service.
This malware scam is so widespread that even third-party companies such as Google and Facebook, along with a few ISPs such as Verizon, COX, Verizon and AT&T, have joined the effort to remove it. They send out automatic notifications to users if their systems are set up with the rogue DNS network.
DNSChangerIf you receive this warning or similar warnings while using Google or other services, you should take a few steps to ensure that your system is not compromised. There are two ways to check your system for malware. To check if your computer is part of a rogue DNS network, you first need to check your DNS settings.
Open the Network system preferences on Mac systems and select each network service (WiFi, Ethernet or Bluetooth). Select the service you wish to use, then click the “Advanced” button. Next, select the “DNS” tab. Make a note of the DNS servers. This can also be done in Terminal by running the following command.
Check this location for all network connections to see the DNS configuration in OS X (click for larger view).Screenshot by Topher Kessler/CNETnetworksetup -listallnetworkservices
Next, run the following command for each of the listed names. Be sure to remove any asterisks and ensure that the names are in quotes (if they have spaces).
networksetup –getdnsservers “SERVICE NAMES”
This command can be repeated for all services (especially Ethernet and Wi-Fi connections), to list all DNS servers.
You can open the command-line utility on a Windows machine, including any virtual machines you may have installed. In Windows 7, select “Run” from Start and type “cmd” or in Windows 7 select “All Programs”, then choose the command line from your Accessories folder. To list all network interface information including DNS server IP addresses, use the command line.
You can see all Windows DNS server settings in its command line (click to enlarge).
Once your DNS servers are listed, you can enter them into the FBI’s DNS Checker Web page to check if they have been identified as part of o
