# *9th July - The Internet Doomsday*  A malware named DNS changer infected 250,000 users...



## ankit.kumar010203 (Jul 7, 2012)

*3.bp.blogspot.com/-niuprSEbLTQ/T_heY0BxDkI/AAAAAAAAAQc/lvzqEZML9ag/s1600/internet-doomsday+dns+changer+malware.jpg

It is reported that by 9th July, Monday 250,000 users will loose access to internet. A virus named DNS changer has infected the users. FBI warns that if not cured these users will loose internet access by this date.

The malware, DNS changer, is based on basic internet principle called DNS (Domain Name System). When we open the a link then firstly it is converted to numerical address called ip address and then the page is loaded from the page servers. Without DNS and DNS servers operated by internet service providers users would be unable to browse internet, send emails etc. Now what this virus does is that it infects the users so that when they open a link, they are redirected to the servers of these infectors who earn billions of dollars for this.

As reported by the FBI on their site, they caught the criminals and cleaned up their servers but did not close them. They announced 9th of July as the date to close these servers so that in the meantime users can cure themselves from this malware. The servers were temporarily cleaned and left to work so that the infected users can fix their computers and do not loose internet access suddenly. Now on 9th of july when these servers will be shutdown then every infected user will not be able to access the internet and Internet Doomsday will come.

On 4th June facebook also announced to do it's part and save users from this malware before the 9th july by creating awareness and warning them. Below is the image which facebook shows when a user is infected with this virus.

*2.bp.blogspot.com/-tyVrDe5u7cM/T_helxDgyaI/AAAAAAAAAQk/Z_OX4VTgMfs/s1600/facebook+part+to+save+people+from+internet+doomsday+and+dns+changer.jpg

As predicted, 2012 will really prove to be a year of judgement and 9th of july as the doomsday. If you want to check whether you are infected with this malware then you can visit: DNS Changer Check-Up - Clean 
If you are luck then you will see an image like this:
*1.bp.blogspot.com/-xH5SVrvmlSs/T_he2xkXEnI/AAAAAAAAAQs/L70DeNgzZGs/s1600/dns+changer+checking+up+the+internet+access.PNG


----------



## Alok (Jul 7, 2012)

Lets see at morn.


----------



## MetalheadGautham (Jul 8, 2012)

Meh. Linux.


----------



## Liverpool_fan (Jul 8, 2012)

*cdn.memegenerator.net/instances/400x/23116524.jpg


----------



## mitraark (Jul 8, 2012)

Did they modify the hosts file ( that would be too simple ) , couldn't find any mention in the OP post that only Windows users will be affected.


----------



## hsr (Jul 8, 2012)

*cdn.memegenerator.net/instances/250x250/20501346.jpg


----------



## Hrishi (Jul 8, 2012)

mitraark said:


> Did they modify the hosts file ( that would be too simple ) , couldn't find any mention in the OP post that only Windows users will be affected.



The criminal replaces the USER's default DNS server provided by his ISP to a rouge DNS server (which is now being cleaned up ).This rogue DNS server was probably setting a redirect to their profitable fraudulent website.

Well that is pretty simple case for the users who have not changed the default login credentials for their routers.
I think the malware tries to ( brute-force/hit and trial with default password ) and log into the ROuter or DHCP server of the victim.
It will then modify the DNS and DHCP settings at the victim's end.

Here is a list of rogue DNS servers obtained from FBI, compare them with your DNS server setting.



Spoiler



"85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255 "


.


----------



## krishnandu.sarkar (Jul 8, 2012)

MetalheadGautham said:


> Meh. Linux.



That doesn't matter. Because this malware affects DNS Servers not your PC 

So if DNS Server is down, you be on Linux or Mac or Windows, it doesn't matters, you won't be able to access internet.


----------



## Hrishi (Jul 8, 2012)

krishnandu.sarkar said:


> That doesn't matter. Because this malware affects DNS Servers not your PC
> 
> So if DNS Server is down, you be on Linux or Mac or Windows, it doesn't matters, you won't be able to access internet.



The best way is to secure your router's administration control panel.
At least change the default password.

Well in case if its a virus that resides on the rogue DNS servers then you are very much correct.
However if they have release a local malware too which infects individual host then Linux users might be safe.


----------



## rider (Jul 8, 2012)

What to do any precautions?


----------



## x64 (Jul 8, 2012)

rider said:


> What to do any precautions?



you can visit DNS Changer Check-Up - Clean to know if you are affected


----------



## Faun (Jul 8, 2012)

quality post, OP.


----------



## Desmond (Jul 8, 2012)

I smell conspiracy. Probably something to do with SOPA/PIPA.

On topic: No problem, go out and hangout with friends in REAL social networking. You still know what that is, don't you?


----------



## topgear (Jul 8, 2012)

it won't be a "Doomsday" - I'm sure about this and like hsr's pic on post #6 - even I would say bring it on !


----------



## rider (Jul 8, 2012)

DeSmOnD dAvId said:


> I smell conspiracy. Probably something to do with SOPA/PIPA.
> 
> On topic: No problem, go out and hangout with friends in REAL social networking. You still know what that is, don't you?



So, that means not to use internet between tonight's 12:00AM to tomorrow night 12:00 AM


----------



## Piyush (Jul 8, 2012)

rider said:


> What to do any precautions?



Dont use internet


----------



## tanmaymohan (Jul 8, 2012)

9th july is my birthday




hmmm.....


----------



## MetalheadGautham (Jul 8, 2012)

krishnandu.sarkar said:


> That doesn't matter. Because this malware affects DNS Servers not your PC
> 
> So if DNS Server is down, you be on Linux or Mac or Windows, it doesn't matters, you won't be able to access internet.



I use Google DNS.


----------



## krishnandu.sarkar (Jul 8, 2012)

^^That's great 

Hope Google is superior than these malware creators


----------



## rider (Jul 8, 2012)

Piyush said:


> Dont use internet



You mean not to use internet on windows..


----------



## reddead (Jul 8, 2012)

i remember this happening before or was it dejaVu???


----------



## thetechfreak (Jul 8, 2012)

oh well Google DNS seems to be handling it fine for me


----------



## Vyom (Jul 8, 2012)

I am ..._waiting_... for the day when whole Interwebz shuts down. Maybe then people are forced to leave their basements or dark rooms and come out in the sunshine. Maybe then they stop from turning into digital vampires.


----------



## ankit.kumar010203 (Jul 8, 2012)

tanmaymohan said:


> 9th july is my birthday
> 
> 
> 
> ...



Are You Internet Killer?


DON'T MIND JUST JOKING...!!!


----------



## ankit.kumar010203 (Jul 8, 2012)

Vyom said:


> I am ..._waiting_... for the day when whole Interwebz shuts down. Maybe then people are forced to leave their basements or dark rooms and come out in the sunshine. Maybe then they stop from turning into digital vampires.



Oh Yes Vyom,You Are Right....!!!



Vyom said:


> I am ..._waiting_... for the day when whole Interwebz shuts down. Maybe then people are forced to leave their basements or dark rooms and come out in the sunshine. Maybe then they stop from turning into digital vampires.



Oh Yes Vyom,You Are Telling Right....!!!


----------



## rider (Jul 8, 2012)

Vyom said:


> I am ..._waiting_... for the day when whole Interwebz shuts down. Maybe then people are forced to leave their basements or dark rooms and come out in the sunshine. Maybe then they stop from turning into digital vampires.



For what time you are gonna turn off your internet modem? I mean what timings.


----------



## Vyom (Jul 8, 2012)

rider said:


> For what time you are gonna turn off your internet modem? I mean what timings.



I am turning off nothing!


----------



## Mario (Jul 8, 2012)

Vyom said:


> I am ..._waiting_... for the day when whole Interwebz shuts down. Maybe then people are forced to leave their basements or dark rooms and come out in the sunshine. Maybe then they stop from turning into digital vampires.



That would be very bad indeed - not all internet users are couch potatoes you know!



rider said:


> For what time you are gonna turn off your internet modem? I mean what timings.



Its allegedly not supposed to be a one-day threat - its supposed to be 9th July *onwards*! In fact, the only thing that is happening on 9th July, is FBI is turning off some of their servers! Read about Operation Ghost Click to know more!

Edit: Oh! and if your router is bridged (and not PPP), then securing router does not help in this case (which does not imply you should not secure your router )


----------



## Alok (Jul 9, 2012)

I won't off internet . Its 12:03 onwards....


----------



## rider (Jul 9, 2012)

it is still sunday in USA.


----------



## Mario (Jul 9, 2012)

Come one guys, there would be no need to "off"' the internet - if you are already infected, you are getting/will get redirected to spoofed sites, if you are not, you will continue as you are - as simple as that...nothing special is going to happen 9th July onwards..
Just check in the link in the original post if you are infected and act accordingly!


----------



## rider (Jul 9, 2012)

Mario said:


> Come one guys, there would be no need to "off"' the internet - if you are already infected, you are getting/will get redirected to spoofed sites, if you are not, you will continue as you are - as simple as that...nothing special is going to happen 9th July onwards..
> Just check in the link in the original post if you are infected and act accordingly!



what should we do, if get affected?


----------



## Desmond (Jul 9, 2012)

Is there any implications in India?
_Posted via Mobile Device_


----------



## Alien (Jul 9, 2012)

Nothing is going to happen if you are not already infected. You can check if you are infected here. Follow the instructions there to clean it if you are infected. Also check for your router, whether it is using the correct DNS server. FBI had already caught the perpetrators of this some 8 months back, and if they had shut the rogue servers then all those infected would have been cut off from the internet. So, following court order they set up alternate servers with the same DNS for the infected computers to use and five them time to clean their PC's. FBI is shutting those servers on Monday, so all those still infected will lose their connection. India has the third highest number of infections worldwide behind US and Italy. 

Source.


----------



## topgear (Jul 9, 2012)

rider said:


> it is still sunday in USA.



yep, 7:57 PM (NY) at the time of this post - so wait 4 hour and 3 mins to know for sure


----------



## kg11sgbg (Jul 9, 2012)

For the time being,upon GOD's grace,and my fellow "Digitians" well-wishing , I am *UNINFECTED*,and could surf/browse at ease,TILL NOW.
Though I'm running under Ubuntu-12.04(64-bit),still I've *"clam"* AV and other utilities(security software Freely available) installed...

Friends note the time as 6:37 AM

Well,um... I forgot the U.S. time,it's not 12:00 past midnight and still Sunday ,8th of July,2012 at present.
*@topgear*,has already provided the timing protocol between India & U.S.
So,we are still not being *tested* by the Internet closure/crash event...

Sorry,friends for being overtly "enthusiastic",though my *IP* address is *UNINFECTED* as checked by the FBI site,and also according to *@Alien*,my router is using the *correct DNS* server,all *checked*.


----------



## rider (Jul 9, 2012)

Alien said:


> Nothing is going to happen if you are not already infected. You can check if you are infected here. Follow the instructions there to clean it if you are infected. Also check for your router, whether it is using the correct DNS server. FBI had already caught the perpetrators of this some 8 months back, and if they had shut the rogue servers then all those infected would have been cut off from the internet. So, following court order they set up alternate servers with the same DNS for the infected computers to use and five them time to clean their PC's. FBI is shutting those servers on Monday, so all those still infected will lose their connection. India has the third highest number of infections worldwide behind US and Italy.
> 
> Source.



I am green in that website, and already scanned with malware securities. So, this means i have no problem to access full day without worrying?


----------



## thetechfreak (Jul 9, 2012)

The current PACIFIC standard Time- 10.42 PM of 8th July as seen here- PST: Pacific Standard Time (USA & Canada). What's the current time now in PST? / PDT in Summer



Wait for couple more hours


----------



## mrintech (Jul 9, 2012)

Liverpool_fan said:


> *cdn.memegenerator.net/instances/400x/23116524.jpg



+1


----------



## Hrishi (Jul 9, 2012)

mrintech said:


> +1



-1 , its not just windows . OS independent.


----------



## Mario (Jul 9, 2012)

rider said:


> I am green in that website, and already scanned with malware securities. So, this means i have no problem to access full day without worrying?



Its not just for today, its today *onwards* till forever or as long as you remain infected! Anyway, since you are not infected like you said, you should be good (today and tomorrow onwards )


----------



## Liverpool_fan (Jul 9, 2012)

Rishi. said:


> -1 , its not just windows . OS independent.



The malware will have to change the DNS settings for the OS is question. Not going to affect Linux, since it has been designed only for Windows and Macs.


----------



## pranav0091 (Jul 9, 2012)

Isnt this a ripoff from the Anonymous DNS Attack doomsday story? Both are false then.

Though the technique is very ingenious, its OS dependent. 

Boy, these false stories are getting cleverer with time.


----------



## Faun (Jul 9, 2012)

oh my ! my internet stopped working.

What do I do now ??


----------



## Rockstar11 (Jul 9, 2012)

oh my god.. yaha pe kuch logo ke internet nahi chal rahe.... 

thank god my pc is not Infected With DNSChanger Trojan. 


Find out if you have been infected with the DNSChanger Trojan
McAfee SiteAdvisor Software ? Website Safety Ratings and Secure Search


----------



## 101gamzer (Jul 9, 2012)

In India only 25000 IPs are only infected

If You think you are Infected Just download any of these
Products - SurfRight
Anti-rootkit utility TDSSKiller
Stinger | McAfee Free Tools
Norton Power Eraser | Free Tool |Easily remove scamware that traditional virus scanning can?t detect

[YOUTUBE]A3wBR5DT7BU[/YOUTUBE]


----------



## mrintech (Jul 9, 2012)

Shadowbot Removal Instructions


----------



## Alok (Jul 9, 2012)

Faun said:


> oh my ! my internet stopped working.
> 
> What do I do now ??



mine too stopped  , but i can browse , chat , post, download and everything.


----------



## Faun (Jul 9, 2012)

Alok said:


> mine too stopped  , but i can browse , chat , post, download and everything.



Uploading youtube video of Battlefield 3 takes forever.


----------



## rider (Jul 9, 2012)

I survived the dooms day, I survived the dooms day!! waiting to survive on 21 dec 2012


----------



## tanmaymohan (Jul 9, 2012)

has any1 experienced????


----------



## 101gamzer (Jul 9, 2012)

rider said:


> I survived the dooms day, I survived the dooms day!! waiting to survive on 21 dec 2012



Me too Dont Get over exited


----------



## rider (Jul 9, 2012)

101gamzer said:


> Me too Dont Get over exited



just joking, man..!!


----------



## reniarahim1 (Jul 9, 2012)

me too not


----------



## kg11sgbg (Jul 9, 2012)

At this present time I'm *running ...running...running...*inside the web/network highway,without any single glitch.

NO PROBLEMS...

Though I 've Windows-7 installed,I am currently browsing/running/writing,from and inside *Google Chrome* in *Fedora-17(64-bit)*

*Just have a look on the time of my posting.*


Best wishes to all of you @Forum Friends...


----------



## comp@ddict (Jul 9, 2012)

Ghanta doomsday. Nothing happened.


----------



## clmlbx (Jul 9, 2012)

It said Monday and in us Day is just started.. By day I mean office hours.. and even computer which are not infected would not even notice anything


----------



## Vyom (Jul 9, 2012)

Even I survived. 

And PS, I don't use any kind of antivirus. And am on Win XP


----------



## Hrishi (Jul 9, 2012)

Liverpool_fan said:


> The malware will have to change the DNS settings for the OS is question. Not going to affect Linux, since it has been designed only for Windows and Macs.



are you sure that its only for MAC and Windows ? AFAIK , it affects the router configuration too.And that has nothing to do with the OS (In the file released by FBI , it is mentioned that it also affects the DHCP server , which is generally the router.
) . 
I think ,The malware residing on remote server just needs your IP address to alter the DNS settings.

I think maybe the virus tries to telnet the router .


----------



## ico (Jul 9, 2012)

Rishi. said:


> are you sure that its only for MAC and Windows ? AFAIK , it affects the router configuration too.And that has nothing to do with the OS (In the file released by FBI , it is mentioned that it also affects the DHCP server , which is generally the router.
> ) .
> I think ,The malware residing on remote server just needs your IP address to alter the DNS settings.
> 
> I think maybe the virus tries to telnet the router .





> The DNSChanger malware is capable of changing the DNS server settings within SOHO routers* that have the default username and password provided by the manufacturer.* If you did not change the default password at the time the SOHO router was installed, you must check the SOHO router settings.



Still the malware uses only Mac or Windows to do what it wants.

I keep remote access disabled in all my routers and all machines predominantly run Linux at home.


----------



## 101gamzer (Jul 10, 2012)

ico said:


> Still the malware uses only Mac or Windows to do what it wants.
> 
> I keep remote access disabled in all my routers and all machines predominantly run Linux at home.



Good Precaution even running linux will it will affect the router Settings? 
Even If DNS changer-virus changes the IP of the host Can the host(infected) Change his Router Settings to Default other than Running the Virus Killers provided By KAS,MS,BtD? etc


----------



## rider (Jul 10, 2012)

Vyom said:


> Even I survived.
> 
> And PS, I don't use any kind of antivirus. And am on Win XP



No antivirus!!  you are a very brave man!!


----------



## topgear (Jul 10, 2012)

Just read this 

'Internet Doomsday' virus fizzles, web traffic flows - World - DNA


----------



## x64 (Jul 10, 2012)

Did anything even happened ?


----------



## Alok (Jul 10, 2012)

^ imo it was a joke.


----------



## hsr (Jul 10, 2012)

hah, even I don't know the login to my router .__.


----------



## reniarahim1 (Jul 10, 2012)

seriously. i didn't hear about anyone who lost internet access.


----------



## d6bmg (Jul 10, 2012)

So? 'Doomsday' postponed for indefinite period of time? :huh:


----------



## Gauravs90 (Jul 10, 2012)

d6bmg said:


> So? 'Doomsday' postponed for indefinite period of time? :huh:



No, one day I will create a malware which will disable everyone's internet connection


----------



## kg11sgbg (Jul 10, 2012)

@Forum Friends, wondering whether FBI/U.S. authorities/Administration(BIG BROTHER) has created this as a "Hoax" and in the meanwhile,serving to all public as a legitimate method to check their IP adresses,actually stores up all our IP addresses in their HUGE Database of servers,and ultimately begins their thoroughly CHECK on us of everything(search trends;history of site visits;history of downloads of software;etc...;etc...;social network trends and history;etc...;etc...)  .
Simply put our PRIVACY in their hands...
All our DIGITAL(VIRTUAL) network history and trends in their hands...
Just a thought.


----------



## Mario (Jul 10, 2012)

Gauravs90 said:


> No, one day I will create a malware which will disable everyone's internet connection



And what good will that do? Your malware wont be able to talk to your CnC and all your effort will be for nothing  



kg11sgbg said:


> @Forum Friends, wondering whether FBI/U.S. authorities/Administration(BIG BROTHER) has created this as a "Hoax" and in the meanwhile,serving to all public as a legitimate method to check their IP adresses,actually stores up all our IP addresses in their HUGE Database of servers,and ultimately begins their thoroughly CHECK on us of everything(search trends;history of site visits;history of downloads of software;etc...;etc...;social network trends and history;etc...;etc...)  .
> Simply put our PRIVACY in their hands...
> All our DIGITAL(VIRTUAL) network history and trends in their hands...
> Just a thought.



They dont need to create this elaborate "hoax" for something which they already have!!!! Search trends? History? Other trends? Hello? When you clicked that checkbox for "I accept" , be it at Google or Facebook, you already handed over your "privacy" on a silver platter to them! Hmm, I guess very few actually went thru the whole EULA!


----------



## d6bmg (Jul 12, 2012)

@Mods: 9th July gone 3 days ago. Time to lock the thread I guess.


----------



## theserpent (Jul 12, 2012)

Yup time to lock the thread


----------



## 101gamzer (Jul 12, 2012)

theserpent said:


> Yup time to lock the thread



yip,Lockit Up


----------

