Friday, 22 June 2012

IRISSCERT Warns Irish Internet Users to Be Disconnected From Internet on July 9th

IRISSCERT Warns Irish Internet Users to Be Disconnected From Internet on
July 9th


Dublin, Ireland  - 22nd June 2012

IRISSCERT is warning that some Irish computer users are facing disconnection
from the Internet on July 9th due to their computers being infected with the
DNSChanger Trojan.  In November 2011, in an operation dubbed "Operation
Ghost Click", the FBI shut down a criminal gang called Rove Digital who used
the DNSChanger Trojan to hijack the web traffic belonging to infected PCs.
The criminals used the malware to change the DNS server settings on the
infected PCs to point to DNS servers under the control of the criminals.

"DNS-Domain Name System-is a critical Internet service that converts
user-friendly domain names, such as www.fbi.gov, into numerical addresses
that allow computers to talk to each other. Without DNS and the DNS servers
operated by Internet service providers, computer users would not be able to
browse websites or send e-mail."

This allowed the criminals to control and redirect all web traffic from the
infected PCs to where-ever the criminals felt like.  When shutting down the
criminal gang the FBI realised that shutting down the criminals' DNS servers
would in effect disconnect the infected PCs from the Internet as they would
no longer have any DNS servers to direct their traffic.  To deal with this
situation and allow time to clean up the infected computers, the FBI
obtained a court order allowing the Internet Systems Consortium to employ
legitimate DNS servers using the IP addresses belonging to the criminal
gang.  However, this court order will expire on the 9th of July 2012 and any
computers still using those IP addresses in the DNS settings will not be
able to browse the web.

IRISSCERT are aware that a number of Irish PCs are still infected with the
DNSChanger and could be effectively disconnected from the Internet on July
9th.  IRISSCERT urges people to check and ensure their PC is not infected
with the DNSChanger Trojan.  To check if your PC is infected IRISSCERT
recommends you visit the website of the DNSChanger Working Group
http://www.dcwg.org/ which has an easy to follow step by step guide to check
if your PC is infected and what to do if it is infected.

Andy Whelan spokesperson for IRISSCERT said "On a daily basis we see a large
number of PCs in Ireland that are infected with the DNSChanger Trojan and we
are concerned that come July 9th they will no longer be able to browse the
Internet. We urge people to go to the website of the DNSChanger Working
Group http://www.dcwg.org/ to determine if their PC is affected and to
follow the steps outlined to fix their computer if they are."

Andy Whelan went on to say "We would like to remind everyone that prevention
is better than the cure and people should take some rudimentary steps to
protect their computers by;
.       Using reputable anti-virus software
.       Ensuring their anti-virus software is working and up to date.
.       Keep their computer systems and software up to date with the latest
software patches.
.       Do not click on links or attachments in emails unless absolutely
sure they are genuine.
.       Use strong passwords on their system and for any websites that they
use."