Discussion in 'all things UNIX' started by vasa1, Apr 23, 2012.
Sounds like bollocks to me, on all levels. From the use of the word FBI as if it implies international authority, all the way to a mix of phrases that do nothing more than confuse the clueless.
The reason I'm confused is that they claim that MS Windows and Mac users are vulnerable but not Linux. But isn't the Mac OS more related to Linux than it is to MS Windows?
OSX is BSD based but it has long since drifted away from that source.
That said, it's likely not that Linux users are immune, it's simply that this malware didn't bother to hit Linux users as both OSX and Windows have far greater market shares.
Linux and OSX are closer to each other than Windows, true, but still so far apart that they are complete and separate entities in every way.
That's true in general and it has been repeated ad nauseam but what about this specific instance?
Is it something that exploits a weakness common to MS Windows and OSX?
There is no weakness here. It infects and changes the DNS. All personal computers that connect to the internet could potentially have their DNS changed by malware. It's not an exploit, the malware simply gets onto the system and changes the DNS from whatever the user uses to a malicious one.
The "DNS Changer" malware is an oldie but goody from back in the BOClean days. Back then, it was known as "ZLOB" and "Fake Codec." 2006 vintage. When you got hit, you got a screen at porn sites that said, "in order to watch this content, you must download the latest codec" ... and so many rubes did.
That's what this is all about - it changed registry settings in Windows, and DNS config files in Macintoshes and pointed the DNS to rogue sites that the FBI replaced once they were shut down with a DNS mirror. When these machines get shut down, the DNS settings in the infected machines will no longer find the replacement DNS host there and will instead be pointed to outer space.
That's the problem. For anyone who's concerned that their antivirus failed to clean the registry when (or even IF) it detected ZLOB or the new excuse name of "DNS Changer" then simply point them to this site:
If the screen is green, you're clean ...
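Added example, not part of any post in this thread: a defender-side check for the symptom described above, comparing the nameservers in a resolv.conf-style resolver file against a list of rogue ranges. The ranges and the sample file are constructed placeholders (RFC 5737 documentation addresses, not the real rogue servers), and the function names are hypothetical.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation space), NOT the real rogue
# DNS Changer ranges; substitute the ranges published for the takedown.
ROGUE_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a resolver file with one altered entry.
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
search example.lan
nameserver 198.51.100.53   # constructed entry inside a placeholder range
nameserver 10.0.0.1
nameserver not-an-ip
nameserver 2001:db8::53
"""

def parse_nameservers(text):
    """Return (valid_addresses, malformed_values) from resolv.conf text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then split the directive from its value.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            valid.append(ipaddress.ip_address(fields[1]))
        except ValueError:
            malformed.append(fields[1])  # worth reporting, not ignoring
    return valid, malformed

def audit_resolvers(text, rogue_networks=ROGUE_NETWORKS):
    """Classify each configured resolver as rogue, ok or malformed."""
    valid, malformed = parse_nameservers(text)
    rogue = [str(a) for a in valid
             if any(a.version == n.version and a in n for n in rogue_networks)]
    ok = [str(a) for a in valid if str(a) not in rogue]
    return {"rogue": rogue, "ok": ok, "malformed": malformed}

if __name__ == "__main__":
    for verdict, values in audit_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{verdict}: {', '.join(values) or '-'}")
```

A resolver that falls outside the listed ranges is only "not on the list"; it still has to match what the network's DHCP server or administrator actually assigned.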
I'm willing to concede that I'm incredibly stoopid but none of you guys are answering my question in the original post.
Your original post doesn't have a question, I assume you mean the follow up post which contains one question:
Which was answered:
Which is a correct assessment.
Also answered by Hungry is that this has nothing to do with a vulnerability, simply changing system settings, something possible in any OS. It seems rather invalid to start naming every single OS that this doesn't target (like the article you linked does). It would be like saying "A new virus is out for Windows 7, but if you use Linux, OSX, iOS, WP7, or Android, you're fine." Whilst it's a correct statement, it's pointless in that other OS's are obviously unaffected because you've already named the affected ones. (I'm assuming that's where you were getting confused.)