There are news stories going around that there will be a complete blockage of the Internet from 8th march. Well this is not the complete and true story.
Only the users who are affected with the ‘DNS Changer’ trojan will be facing the Internet blockage and not all the users.
In order to clear the air regarding this, given below is the brief description of the working of the DNS Changer trojan.
After execution of the sample, it simply changes the default DNS present on the system to some rogue DNS server and deletes copies of itself.
So whenever the user accesses any website, for instance ‘Google.co.in’, the request is sent to the Rogue DNS server which uses the query to display relevant ads to the query. This is also used to stop the antivirus from getting updates.
In November, the FBI found one such rogue DNS network. Taking down this system at that time could have resulted in complete stoppage of the Internet for all the users having the rogue DNS.
The FBI replaced the Rogue DNS server with legitimate ones, a measure the agency said will be in effect for 120 days (i.e till 8th March). This is done in order to give some time to the infected users to clean up their system.
To verify if you are infected by the DNS Changer trojan check your DNS Server IP [ Run-> Cmd-> Ipconfig /all ].
If the DNS servers IP falls in between this range then it is possible that your system is infected by the DNS Changer Trojan.
Starting From |
Through |
Ending With |
85.255.112.0 |
upto |
85.255.127.255 |
67.210.0.0 |
upto |
67.210.15.255 |
93.188.160.0 |
upto |
93.188.167.255 |
77.67.83.0 |
upto |
77.67.83.255 |
213.109.64.0 |
upto |
213.109.79.255 |
64.28.176.0 |
upto |
64.28.191.255 |
We kindly request all users not to trust such news completely.
Quick Heal detects this Trojan as Trojan.DnsChanger.Gen.
No Comments, Be The First!