DNS Change Virus, TDSS, Alureon, TidServ and TDL4 viruses

If you are wondering about the rumors you’ve heard on the possibility of losing internet service on Monday July 9, 2012, you have come to the right place. They are not rumors, they are a reality. On Monday July 9th of 2012, millions of people may lose their internet service because of a virus affecting the way the computer looks for internet sites. This virus is commonly known as the DNS Change Virus, but is also known as the TDSS virus, Alureon virus, TidServ virus, and TDL4 virus.

All Systems affected by the DNS Change Virus

Any computer or device that connects to the internet may be infected by this virus: Windows systems, Mac computers, smartphones, tablets, routers, cable modems, DSL modems, etc. This virus family is pervasive. Ugh! If only those bright minds would put their God-given talents to good use! It is so sad that many of these bright-minded people are now convicted felons, doing jail time and banned from computers. If you are not sure whether your system has been compromised by the DNS Change Virus, you can find out in just a few clicks, with nothing to install or download.

To check whether your computer has been affected by the DNS Change Virus, you can go to a site set up by the FBI. All you have to do is click on one or several of the links on the FBI page, with NOTHING TO DOWNLOAD, and the browser will tell you whether your machine has been compromised or not. A lot of computers may have the virus, and their owners may not be aware of it at all.

How does the DNS Change Virus work?

As usual, some enterprising criminal minds decided to create a virus that would reside on computers and re-route the way they look up websites when doing a search online. In order to re-route the traffic undetected, they set up what I will call “bad” servers. Through these “bad” servers they would capture all the traffic from the infected computers and insert “bad links” among the search results in a way that would be almost undetectable to the user browsing online, forcing traffic, to a certain degree, through choice sites for their personal gain. Well, why else go through all that trouble, right? See, the problem is, they left out consumer choice, and that is why the feds got involved.

I will use a simple metaphor to explain what was happening. Imagine a “detour” sign on the highway that nobody authorized, one that literally made you go through a restaurant’s drive-through window at lunch time when you were trying to go to the post office, or through stores with special bargains on highly coveted consumer goods around payday as you were headed to the bank to deposit your check. Well, isn’t that what good marketing does? Yes, and no. Good marketing makes consumer goods highly desirable, but it does not force you to walk into the restaurant or store before you head to the bank to deposit your paycheck. And of course, there was some financial gain involved in this scheme for those who implemented this highly sophisticated hijacking system.

When the hackers got busted last year by the FBI, the feds realized that if they turned off the hackers’ bad servers, hundreds of thousands of people would not be able to access the internet, as the “detour” route would come to a dead end, and service providers would be overwhelmed with calls from users. So they set up “good” servers to give users and systems a chance to disconnect or stop being re-routed by the “bad” servers. A year later, tens of thousands of systems and Fortune 500 companies are still infected.

On Monday July 9th 2012, the good servers will be turned off. So, now is a good time to check: with nothing to download, and in a couple of clicks, your browser will let you know right away whether you are infected with the DNS Change virus or not.
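The "detour" described above works by changing which DNS servers a machine asks for directions, so a local check can compare the configured resolvers against the published "bad" server ranges. The sketch below is an added example, not a tool from the FBI or the DCWG; the ranges in it are documentation-network placeholders and the sample resolv.conf text is constructed, so substitute the officially published ranges before relying on it.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue
# DNS server ranges. Replace them with the ranges published by the DCWG/FBI.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Active "nameserver <addr>" lines; lines commented out with # or ; do not match.
NAMESERVER_RE = re.compile(r"^[ \t]*nameserver[ \t]+(\S+)", re.MULTILINE)

def configured_resolvers(resolv_conf_text):
    """Parse resolv.conf-style text into a list of IP address objects."""
    resolvers = []
    for raw in NAMESERVER_RE.findall(resolv_conf_text):
        try:
            resolvers.append(ipaddress.ip_address(raw.split("%")[0]))
        except ValueError:
            continue  # malformed entry: ignore it rather than crash
    return resolvers

def audit(resolv_conf_text, ranges=ROGUE_RANGES):
    """Map each configured resolver to 'rogue', 'local' or 'not-listed'."""
    verdicts = {}
    for ip in configured_resolvers(resolv_conf_text):
        if any(ip in net for net in ranges):
            verdicts[str(ip)] = "rogue"
        elif ip.is_private or ip.is_loopback:
            # Router or local stub: its own upstream DNS setting decides
            # where lookups really go, so check that device as well.
            verdicts[str(ip)] = "local"
        else:
            verdicts[str(ip)] = "not-listed"
    return verdicts

# Constructed sample, not taken from a real machine.
SAMPLE = """\
# constructed resolv.conf
nameserver 192.0.2.53
nameserver 192.168.1.1
; nameserver 198.51.100.9
nameserver 8.8.8.8
nameserver not-an-ip
"""

if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE).items():
        print(f"{addr}: {verdict}")
```

A "local" verdict is not a clean bill of health: because routers can be affected too, a computer that points at its router only inherits whatever DNS servers the router itself was set to use.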

STEP ONE – Check your system

Go to the FBI site, and click on one of the links on this page:
http://www.dcwg.org/detect/

You will soon see the DNS Changer check servers table. All you have to do is click on any of the links listed there and your browser will tell you right away whether your computer is infected or not. If you are not infected, great! If you ARE infected, keep reading as there is more help for you.

STEP TWO: What to do if infected with the DNS Change virus

If you are the do-it-yourself kind of person like me, the kind who reads all instruction manuals without skipping sections or chapters to make sure all bases are covered, then simply go to this page on the FBI site to read more on how to fix a DNS change or TDSS virus infection, use the tools listed there and follow the necessary steps to rid your system of the pesky hijacking DNS change virus.

FBI page on how to fix a DNS Change virus infection: http://www.dcwg.org/fix/

If you are not sure how to go about it, then reach out to a trusted technician, computer guru or professional to help you, as you could complicate DNS lookup and other related functions on your system, which could cause you great frustration and grief.

Some service providers include computer checkups, free antivirus software, online detection, and phone technical assistance as part of your monthly service. You may want to check with them and use the services you already pay for as part of your internet service plan before you go out and pay premium fees to a professional.

Whatever you do, just don’t wait until the last minute or until you can no longer get online, as there will be thousands of people in the same situation you are in. So, take some time this weekend to make sure you are not “locked out” of your online access. Hey, we may all go back to walking down to the local coffee shop to actually pick up the day’s newspaper to read the news the old-fashioned way. The problem may be that some of us may be forced to re-read the news we read online yesterday!

For more information

You can read the entire story and sting operation on the FBI’s website: http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911

You can read the FBI press release about the sting operation: http://www.fbi.gov/newyork/press-releases/2011/manhattan-u.s.-attorney-charges-seven-individuals-for-engineering-sophisticated-internet-fraud-scheme-that-infected-millions-of-computers-worldwide-and-manipulated-internet-advertising-business

San Francisco Chronicle: http://www.sfgate.com/news/article/Malware-may-knock-thousands-off-Internet-on-Monday-3684832.php

CBS News Article: http://www.cbsnews.com/8301-501465_162-57466849-501465/thousands-may-lose-internet-on-july-9/

Miami Herald: http://www.miamiherald.com/2012/07/05/2882334/malware-may-knock-thousands-off.html

About computerdoctora

Sylvia started designing websites in 1996 when ICQ was all the rage. Architecture and Planning took center stage while she honed her project management skills on large urban development projects. She translated her project management skills to the entertainment industry for a season through Act One, Hollywood Above the Line. She is now focused on her consulting work as an Architect and an Urban Planner.