#71
DNS-Changer malware RSS feed reader
98 Guy wrote in :
There was some malware circulating about a year ago that changed the DNS settings in people's routers and on their computers so that the DNS IP-address pointed to IP addresses controlled by hackers or botnet-owners. The hackers operated their own DNS servers at those IP addresses that performed god-knows-what in terms of messing up those systems that connected to them during DNS queries.

That's it. I forgot that (not long awake yet). I guess with their own servers all they had to do was change the DNS server reference in the remote machine. Considering it's such a small but immensely powerful change, I'm surprised this wasn't wildly exploited (and fixed) a decade ago, instead of appearing as 'news' now..
#72
DNS-Changer malware RSS feed reader
98 Guy wrote in :
They became reluctant to turn off the surrogate servers after learning that some of the compromised systems using them belonged to Fortune-500 companies as well as .gov and .mil domains, and that too many "important" users would be disrupted by essentially having no working DNS functionality if they took the surrogate servers off-line.

I bet that rabbit hole goes deeper too. People don't usually cling to a situation like this unless they were somehow getting covert benefits out of it themselves.
#73
RSS feed reader
Lostgallifreyan wrote in
: X in iZotope *sigh*... No W either apparently, as in: I don't think W98 applies.
#74
DNS-Changer malware RSS feed reader
Lostgallifreyan wrote:
I'm surprised this wasn't wildly exploited (and fixed) a decade ago, instead of appearing as 'news' now..

You can't fix something like this. If you have equipment that allows the user to change their machine's DNS-server setting, then any malware that is sufficiently "smart" can programmatically make the same change. All you need is a vulnerability entry-point to allow the malware to get onto the system - and as we know there have been hundreds if not thousands of vulnerabilities discovered on all manner of electronic devices that have been leveraged over the years to perform various malicious tasks...
#75
DNS-Changer malware RSS feed reader
Lostgallifreyan wrote:
too many "important" users would be disrupted by essentially having no working DNS functionality if they took the surrogate servers off-line.

I bet that rabbit hole goes deeper too. People don't usually cling to a situation like this unless they were somehow getting covert benefits out of it themselves.

Not sure what you mean by that. The "white-hats" operating the surrogate servers are well known, and they have no interest to do anything other than try to support the affected systems as best they can. There have been other situations in the past where white-hats have taken control of C&C (command and control) servers and instructed them to send commands to infected systems to "deactivate" or disable the malicious software running on those systems. Anyone running a white-hat operation that uses their position and their equipment to steal information or to otherwise "harm" the systems they're ostensibly trying to help would cause quite a stink and would be immediately discoverable by the considerably-knowledgeable anti-malware community.
#76
DNS-Changer malware RSS feed reader
98 Guy wrote in :
If you have equipment that allows the user to change their machine's DNS-server setting, then any malware that is sufficiently "smart" can programmatically make the same change.

True, but that means the OS could have shown the user what was there. Anything can be hijacked once SOMEthing is hijacked, given coding ability for it, but this is one of those things that may have worsened as a result of M$ patting users' heads and telling them not to worry, while hiding the core details from them. The resulting lack of willing and easy vigilance is the main reason people get exploited. Same logic as applies to window locks, most burglaries apparently being made easy by poor vigilance and home security.

I have a couple of places where I can set a DNS reference. One secure method immediately suggests itself if a router exists. Set the computer to always go to the router's IP, then set the router to point to the external DNS servers. That way the user only needs to know the DNS points to the router (though I guess even that can be spoofed by malware), but so long as it works, the attacker then has to hack the router, which is a lot harder to do.
#77
DNS-Changer malware RSS feed reader
98 Guy wrote in :
I bet that rabbit hole goes deeper too. People don't usually cling to a situation like this unless they were somehow getting covert benefits out of it themselves.

Not sure what you mean by that.

Nothing specific. It was more of a commentary on the nature of recent events, like phone hacking and bank fraud and political complicity. In all these cases, every inquiry seems to unearth yet more weird creatures under the stones. Given that any life that gains power does so by exploiting unusual situations effectively, I'm assuming that any persistently unusual situation is maintained by something trying to live off it.
#78
DNS-Changer malware RSS feed reader
98 Guy wrote in :
Anyone running a white-hat operation that uses their position and their equipment to steal information or to otherwise "harm" the systems they're ostensibly trying to help would cause quite a stink and would be immediately discoverable by the considerably-knowledgeable anti-malware community.

True, though as with many complex dances of power, there have been effective double agents. Life even at its most basic level uses mimicry as a device. I would be surprised if the net wasn't emulating other things in life, especially as living people are struggling to control it.
#79
DNS-Changer malware RSS feed reader
Lostgallifreyan wrote:
If you have equipment that allows the user to change their machine's DNS-server setting, then any malware that is sufficiently "smart" can programmatically make the same change.

True, but that means the OS could have shown the user what was there.

Any OS that is constantly showing the user instances where changes were being made, the OS would tie itself up in knots and the user would be pulling out his hair. In the case where the DNS change was made in the router, the OS would have no direct knowledge of that. Many routers are now performing DNS relaying. When they hand out DHCP information, they don't explicitly tell the clients what the real DNS server is. DNS relaying is a stupid, bone-head thing for a router to be doing, but some jack-asses thought that's how routers should now operate.

One secure method immediately suggests itself if a router exists. Set the computer to always go to the router's IP, then set the router to point to the external DNS servers.

That is DNS relaying, and it's just plain stupid. Because unless you're always accessing your router's administrative settings via http (and how many people do that) - then you'll never know if some malware went in and changed the DNS settings in the router.

That way the user only needs to know the DNS points to the router

The vast, vast majority of people don't even know what a router is. You're not thinking properly of the typical use-case situation here.
#80
DNS-Changer malware RSS feed reader
98 Guy wrote in :
Any OS that is constantly showing the user instances where changes were being made, the OS would tie itself up in knots and the user would be pulling out his hair.

It would only need to alert if some change were attempted. It could be part of any AV, anti-trojan, etc. Its security would be no better or worse than the host program. There are many small monitors in many systems, so the more paranoid users could have a couple that did this, and so long as neither shouted, and both agreed when examined, it would keep many users both safe and happy. It's a very small thing to watch, the overheads could be smaller than those of an idle task scheduler.
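
The small monitor proposed in post #80, together with the relay blind spot raised in post #79, as an added example that is not code from any poster: it reads resolver addresses out of `ipconfig /all` text and compares them with a baseline recorded while the machine was known-good. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpts (not captured from a real host).
_HEAD = ("Ethernet adapter Local Area Connection:\n\n"
         "   DHCP Enabled. . . . . . . . . . . : Yes\n"
         "   Default Gateway . . . . . . . . . : 192.168.1.1\n")
_TAIL = "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
SAMPLE_BEFORE = _HEAD + "   DNS Servers . . . . . . . . . . . : 192.168.1.1\n" + _TAIL
SAMPLE_AFTER = (_HEAD + "   DNS Servers . . . . . . . . . . . : 203.0.113.53\n"
                + " " * 39 + "203.0.113.54\n" + _TAIL)

_LABEL = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
# RFC 1918 ranges: a resolver here is normally the router acting as a relay.
_LAN = [ipaddress.ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Resolver IPs under each 'DNS Servers' label, continuation lines included."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        m = _LABEL.match(line)
        if not (m or in_block):
            continue
        addr = _ip(m.group(1) if m else line.strip())
        in_block = addr is not None  # any non-address line ends the block
        if addr is not None and str(addr) not in servers:
            servers.append(str(addr))
    return servers


def check(baseline, ipconfig_text):
    """Compare current resolvers with a baseline recorded while known-good."""
    current = parse_dns_servers(ipconfig_text)
    return {
        "added": [s for s in current if s not in baseline],
        "removed": [s for s in baseline if s not in current],
        # Host-side view stops at the router: its upstream DNS is not visible here.
        "relayed": [s for s in current
                    if any(ipaddress.ip_address(s) in n for n in _LAN)],
    }
```

A non-empty `relayed` list means the host can only confirm that it still points at the router; a change made inside the router would leave this output unchanged.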