
DNS Changer Malware / Operation Ghost Click

Trend Micro recently announced, along with the FBI, the dismantling of a cyber criminal gang based out of Estonia. The gang was allegedly responsible for compromising millions of computers and redirecting them to online ads through the implementation of rogue DNS servers.

Over four million computers across 100 countries had inadvertently downloaded malware onto their systems, many through installing what they thought was a needed codec to view certain movies online. Compromised systems would then have their DNS settings altered to use servers controlled by the gang, rerouting the end users to locations on the Internet they never intended to visit.

These locations contained ads which, upon click-through or even viewing, generated revenue for the gang, resulting in over $14 million made through advertising fraud. The U.S. Attorney’s Office is seeking to extradite the gang for prosecution, likely due to the large number of U.S. government and business systems compromised by the gang and the fact that some of the rogue DNS servers were based in Chicago and New York.

DNS translates a website's name into its IP address, so a user who types “google.com” into a browser is actually taken to “72.14.204.103” (or one of their other IP locations). By forcing a system to use a specific DNS server, as this gang did, the attackers made users receive false IP addresses for websites they were trying to visit or ads they normally would have viewed, benefiting the gang while not maliciously harming the user. Examples provided during the indictment of the six Estonian members of the gang included:

“When the user of an infected computer clicked on a domain name link for Netflix, the user was instead taken to a website for an unrelated business called ‘BudgetMatch.’”

“When the user of an infected computer visited the home page of the Wall Street Journal, a featured advertisement for the American Express ‘Plum Card’ had been fraudulently replaced with an ad for ‘Fashion Girl LA.’”

The malware that compromised these systems also prevented updates to anti-virus software and the operating system, which helped it stay on the compromised systems over an extended period of time. For those concerned that they may be compromised, the FBI has provided a document which aids in understanding the malware and how to check for DNS settings changes on your computer, for both Windows and Mac systems.

In this document the IP address ranges of the known rogue DNS servers are listed, indicating server locations in Russia, Ukraine, U.S., and Amsterdam. You can see the ranges below:

85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255
-Matt Sully
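
The range check described above, as an added Python example (not code from the original post or from the FBI document): it converts the six listed ranges into CIDR blocks and flags any configured resolver that falls inside one. The resolv.conf-style input and the function names are assumptions; DNS server addresses read from a Windows or Mac network settings panel can be passed to `is_rogue` directly.

```python
import ipaddress

# Rogue DNS ranges copied from the list above (first address, last address).
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]

def to_networks(ranges):
    """Collapse each first/last pair into the CIDR blocks that cover it."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return nets

ROGUE_NETWORKS = to_networks(ROGUE_RANGES)

def is_rogue(address):
    """True if a resolver address falls inside any listed range."""
    ip = ipaddress.ip_address(address.split("%")[0])  # drop an IPv6 zone id
    return ip.version == 4 and any(ip in net for net in ROGUE_NETWORKS)

def nameservers(resolv_conf_text):
    """Pull resolver addresses from resolv.conf-style 'nameserver' lines."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def audit(resolv_conf_text):
    """Return the configured resolvers that sit in a rogue range."""
    return [s for s in nameservers(resolv_conf_text) if is_rogue(s)]

# Constructed sample: range edges plus one ordinary home-router address.
SAMPLE = """\
# constructed resolver configuration
nameserver 85.255.127.255   # last address of the first range
nameserver 67.210.16.0      # one past the end of the second range
nameserver 192.168.1.1
nameserver 64.28.176.0      # first address of the last range
"""

if __name__ == "__main__":
    print("CIDR blocks:", ", ".join(str(n) for n in ROGUE_NETWORKS))
    print("Rogue resolvers in sample:", audit(SAMPLE))
```
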

Security through the eyes of a teenager. Part 2

Are young people more knowledgeable about information security than their elders?
I believe that young people are more knowledgeable when it comes to security. The reason being that my generation has been brought up with daily use of computers. We have more experience than most of the older population. This does not mean that everyone from my generation knows how to stay secure while online.
Are young people concerned about privacy online?
Everyone says they are worried about their privacy, but young people have already posted all kinds of information about themselves on Facebook, Twitter, and many other social networks. Even if the settings on that site lower the visibility to the public eye, they are still there. I’m not sure if young people believe privacy of their information to be important since it is already up there. If it is banking information then we worry, but if not, then it is less of a concern.
How concerned about information security are young people?
Personally, I don’t believe that young people are worried about information security at all. We all fret when something goes wrong, but before something happens, security is not always important. I think the reason for this is that we are not the ones paying for it. It also depends on what kind of computer they are using, and the marketing out there. I remember when I got my MacBook, I thought it was immune to harmful internet malware. I started downloading more movies and music, something I would have not done on my old laptop which was a PC. 
Here are the results of the survey that I sent to my friends:

-Montana