PSA
Posted: 7/5/2012 3:23:11 PM EDT
[Last Edit: 7/5/2012 3:23:34 PM EDT by evenflow]
http://www.wired.com/threatlevel/2012/07/dns-changer-going-dark/

So I got an email from ISP saying I had the malware even though I ran pretty much every anti-virus and malware program out there and came back clean. Anyone else going through this BS? I run servers every day and know my way around networking. This seems like horse shit.
Link Posted: 7/5/2012 3:30:01 PM EDT
Originally Posted By evenflow:
http://www.wired.com/threatlevel/2012/07/dns-changer-going-dark/

So I got an email from ISP saying I had the malware even though I ran pretty much every anti-virus and malware program out there and came back clean. Anyone else going through this BS? I run servers every day and know my way around networking. This seems like horse shit.


Shouldnta been browsin goose porn

Link Posted: 7/5/2012 3:31:26 PM EDT
try this site on all of your computers:
http://dns-ok.us/

green = ok, red = infected
Link Posted: 7/5/2012 3:32:11 PM EDT
I guess that's the 64,000 question
Link Posted: 7/5/2012 3:53:46 PM EDT
Originally Posted By evenflow:
http://www.wired.com/threatlevel/2012/07/dns-changer-going-dark/

So I got an email from ISP saying I had the malware even though I ran pretty much every anti-virus and malware program out there and came back clean. Anyone else going through this BS? I run servers every day and know my way around networking. This seems like horse shit.


DNS changer can hide behind some pretty nasty rootkits...

Thing is, the way most Information Assurance works, all traffic is shunted through intrusion detection devices that screen each packet against a set of rules.
DNS changer is really, really easy to spot this way, because of how DNS changer works. There are a few servers that it uses to hijack your stuff, servers that the FBI confiscated and is running to let people disconnect. The IDS looks for DNS traffic going to those servers. There is no legit reason to send DNS traffic to those servers, so the false positive rates on this are reaaaally low.

You might want to look into doing a scan from CD.  Sounds like your machine is compromised pretty bad.
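
The destination-based check described in the post above, as an added example that is not part of the original thread: it flags any internal host that sends port-53 traffic to a watched resolver range, regardless of what host-side scanners report. The networks are RFC 5737 documentation placeholders (the thread does not list the real server ranges), and the flow-log format and sample records are constructed.

```python
import ipaddress

# ASSUMPTION: placeholder networks (RFC 5737 documentation ranges) standing in
# for the seized rogue-resolver blocks; the thread does not list the real ones.
ROGUE_DNS_NETS = [ipaddress.ip_network(n)
                  for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed flow records: "timestamp src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2012-07-05T15:01:02 10.0.0.21 10.0.0.1 53 udp
2012-07-05T15:01:03 10.0.0.37 192.0.2.14 53 udp
2012-07-05T15:01:04 10.0.0.37 192.0.2.14 443 tcp
2012-07-05T15:01:09 10.0.0.37 198.51.100.77 53 tcp
2012-07-05T15:01:10 10.0.0.52 198.51.100.200 53 udp
malformed line
2012-07-05T15:01:15 10.0.0.21 198.51.100.5 53 udp
"""

def is_rogue(dst):
    """True if dst parses as an IP address inside a watched network."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return False
    return any(addr in net for net in ROGUE_DNS_NETS)

def find_infected_hosts(flow_text):
    """Return {src_ip: sorted rogue resolvers that host sent DNS traffic to}."""
    hits = {}
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records instead of failing the run
        _ts, src, dst, port, proto = fields
        if port != "53" or proto not in ("udp", "tcp"):
            continue  # the rule only concerns DNS (UDP and TCP port 53)
        if is_rogue(dst):
            hits.setdefault(src, set()).add(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    for host, resolvers in sorted(find_infected_hosts(SAMPLE_FLOWS).items()):
        print(f"ALERT {host} sent DNS to watched resolver(s): {', '.join(resolvers)}")
```

Host 10.0.0.52 is not flagged because 198.51.100.200 falls outside the /25, which is why the rule matches on exact network boundaries rather than address prefixes as strings.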