FBI — Check to See if Your Computer is Using Rogue DNS

Takes just a few seconds to get your IP address and check it.

From the FBI site:

DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. When you enter a domain name, such as http://www.fbi.gov, in your web browser address bar, your computer contacts DNS servers to determine the IP address for the website. Your computer then uses this IP address to locate and connect to the website. DNS servers are operated by your Internet service provider (ISP) and are included in your computer’s network configuration. DNS and DNS Servers are a critical component of your computer’s operating environment—without them, you would not be able to access websites, send e-mail, or use any other Internet services.

Criminals have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website or to interfere with that user’s online web browsing. One way criminals do this is by infecting computers with a class of malicious software (malware) called DNSChanger. In this scenario, the criminal uses the malware to change the user’s DNS server settings to replace the ISP’s good DNS servers with bad DNS servers operated by the criminal. A bad DNS server operated by a criminal is referred to as a rogue DNS server.

The FBI has uncovered a network of rogue DNS servers and has taken steps to disable it. The FBI is also undertaking an effort to identify and notify victims who have been impacted by the DNSChanger malware. One consequence of disabling the rogue DNS network is that victims who rely on the rogue DNS network for DNS service could lose access to DNS services. To address this, the FBI has worked with private sector technical experts to develop a plan for a private-sector, non-government entity to operate and maintain clean DNS servers for the infected victims. The FBI has also provided information to ISPs that can be used to redirect their users from the rogue DNS servers to the ISPs’ own legitimate servers. The FBI will support the operation of the clean DNS servers for four months, allowing time for users, businesses, and other entities to identify and fix infected computers. At no time will the FBI have access to any data concerning the Internet activity of the victims.

It is quite possible that computers infected with this malware may also be infected with other malware. The establishment of these clean DNS servers does not guarantee that the computers are safe from other malware. The main intent is to ensure users do not lose DNS


