You've Got Mail - From the FBI! Phishing Scam or Real Warning? Who are DCWG Anyway? - Granite Grok


One of our Groksters reported getting mail about DCWG and the FBI, and wondered if it was legitimate or a scam. Admirable caution, but this little gem is the real deal! Some people actually received notices stating that the FBI might be about to pull the plug on their Internet browsing... ON MONDAY, JULY 9th!

Out in the Wild, Wild Internet, connections reach web servers via numeric IP addresses, and the friendly names you type are translated into those numbers by a giant phonebook called the Domain Name System (DNS). Your PC knows which "phonebook(s)" to look in because your Internet Service Provider (or your home router) hands it the addresses of its DNS servers when it connects. Now imagine someone snuck in and changed that setting so that some of your browsing went to the wrong place. You wouldn't click on a link in an email telling you to go to myfakebank.com and divulge your account number and password, but what if your saved bookmark to myrealbank.com was quietly diverted to a look-alike site? (Like having the 411 operator occasionally give out the number of a crooked enterprise instead of the legitimate business.)

Well, that's exactly what happened: "DNSChanger" is malware that changes the DNS settings on your PC (and, in some cases, on a home router that still has its default password) so that your name lookups go to a series of crooked servers (phonebooks) run by the attackers, who can then divert you at will. It also makes antivirus and operating-system update servers unreachable, so your security software quietly stops updating itself. Once the bad guys had control, they could install more malware, make your PC a member of a "botnet" to be used for nefarious purposes, divert your browsing and steal your personal information, or manipulate Internet advertising. In all, six Estonians netted around $14M before the FBI nabbed them.

The rogue DNS servers were seized, but the bad settings in millions of PCs worldwide remained, and simply switching those servers off would have left their users high and dry, unable to browse the Net. SO, the FBI got a court order allowing it to keep those IP addresses in service temporarily, and contracted with Internet Systems Consortium (ISC) to run clean DNS servers at those addresses. In addition, the FBI collaborated with the DNS Changer Working Group (DCWG) to set up a method of identifying and testing infected PCs, with the goal of alerting most of the affected users before the court order expired and the temporary servers were shut off. Note that a PC pointed at one of those addresses is still infected even though it browses normally today: the replacement servers only keep it on the air, they do not remove the malware or restore the proper settings.
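Here is the manual version of that check, as an added example that is not part of this post or of DCWG's own tooling. It compares the DNS server addresses a machine is configured to use against the six rogue address ranges the FBI published for DNSChanger, parsing either Windows `ipconfig /all` output or a Unix `/etc/resolv.conf`. The two sample configurations are constructed for illustration; any address that lands inside one of those ranges means the machine (or the router that handed the address out) is still carrying the bad settings. The check confirms the symptom only; it does not remove the malware.

```python
import ipaddress
import re

# Rogue resolver ranges published by the FBI for DNSChanger, written as CIDR blocks.
# An infected machine has one or more of its DNS servers inside these ranges.
ROGUE_DNS_RANGES = [ipaddress.ip_network(cidr) for cidr in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]

def is_rogue_dns(server: str) -> bool:
    """True if the given DNS server address falls in a known DNSChanger range."""
    addr = ipaddress.ip_address(server)
    # 'in' is False for an IPv6 address against an IPv4 network, so IPv6
    # resolvers are reported as clean (only IPv4 ranges were published).
    return any(addr in net for net in ROGUE_DNS_RANGES)

def dns_servers_from_config(text: str) -> list[str]:
    """Pull DNS server addresses out of Windows 'ipconfig /all' output or a
    Unix /etc/resolv.conf. ipconfig lists extra servers on continuation lines
    that hold nothing but an address, so keep collecting until a labelled line."""
    servers: list[str] = []
    collecting = False
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)        # resolv.conf form
        if m:
            servers.append(m.group(1))
            continue
        if "DNS Servers" in line:                           # ipconfig form
            collecting = True
            servers += line.split(":", 1)[1].split()       # label has no colon
        elif collecting and re.fullmatch(r"\s+[0-9A-Fa-f.:]+\s*", line):
            servers += line.split()                        # continuation line
        else:
            collecting = False
    return servers

def check_config(text: str) -> dict[str, bool]:
    """Map each configured DNS server to whether it is a DNSChanger address."""
    return {s: is_rogue_dns(s) for s in dns_servers_from_config(text)}

# Constructed sample: an 'ipconfig /all' excerpt from an infected Windows PC.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.112.36
                                       85.255.112.37
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample: a resolv.conf where one of the two resolvers is rogue.
SAMPLE_RESOLV_CONF = """\
# constructed /etc/resolv.conf
nameserver 192.168.1.1
nameserver 67.210.8.1
search home
"""

if __name__ == "__main__":
    for name, cfg in (("ipconfig", SAMPLE_IPCONFIG), ("resolv.conf", SAMPLE_RESOLV_CONF)):
        for server, rogue in check_config(cfg).items():
            print(f"{name}: {server} -> {'ROGUE (DNSChanger range)' if rogue else 'ok'}")
```

Run it against the real output of `ipconfig /all` (Windows) or the contents of `/etc/resolv.conf` (Linux, macOS) instead of the constructed samples. If the only DNS server listed is your home router (the 192.168.1.1 in the second sample), the router is doing the lookups for you, so log into it and check the DNS addresses it forwards to as well, since some DNSChanger variants rewrote those rather than the PC's own settings.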

The good news: the number of infected PCs in the USA is down from over 500,000 to about 250,000. The bad news: the temporary service goes dark on Monday, July 9th! SO, if you got an email warning you that the FBI was about to shut off your Internet service, you might want to take it seriously. Then again, just because you get a warning doesn't mean it's legitimate, so don't click the links in the email itself; type the addresses below in yourself. Here are some helpful links, followed by an excellent explanatory video from SOPHOS:

http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf (FBI explanation)
http://www.fbi.gov/news/stories/2011/november/malware_110911/ (FBI news article)
http://www.dcwg.org/ (DNS Changer Working Group)
http://www.dns-ok.us/ (Quick check whether you are infected)

You see the green background if the test at http://www.dns-ok.us/ finds no problems.