Is this correct?

Discussion in 'all things UNIX' started by vasa1, Apr 23, 2012.

Thread Status:
Not open for further replies.
  1. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Sounds like bollocks to me, on all levels. From the use of the word FBI as if it implies international authority, all the way to a mix of phrases that do nothing more than confuse the clueless.
    Mrk
     
  3. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    The reason I'm confused is that they claim that MS Windows and Mac users are vulnerable but not Linux. But isn't the Mac OS more related to Linux than it is to MS Windows?
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    OSX is BSD based but it has long since drifted away from that source.

    That said, it's likely not that Linux users are immune; it's simply that this malware didn't bother to hit Linux users as both OSX and Windows have far greater market shares.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Linux and OSX are closer to each other than Windows, true, but still so far apart that they are complete and separate entities in every way.
    Mrk
     
  6. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    That's true in general and it has been repeated ad nauseam but what about this specific instance?

    Is it something that exploits a weakness common to MS Windows and OSX?
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    There is no weakness here. It infects and changes the DNS. All personal computers that connect to the internet could potentially have their DNS changed by malware. It's not an exploit; the malware simply gets onto the system and changes the DNS from whatever the user uses to a malicious one.
     
  8. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    Hey guys! :)

    The "DNS Changer" malware is an oldie but goody from back in the BOClean days. Back then, it was known as "ZLOB" and "Fake Codec." 2006 vintage. When you got hit, you got a screen at porn sites that said, "in order to watch this content, you must download the latest codec" ... and so many rubes did.

    That's what this is all about - it changed registry settings in Windows and DNS config files in Macintoshes, and pointed the DNS to rogue sites that the FBI replaced with a DNS mirror once they were shut down. When these machines get shut down, the DNS settings in the infected machines will no longer find the replacement DNS host there and will instead be pointed to outer space.

    That's the problem. For anyone who's concerned that their antivirus failed to clean the registry when (or even IF) it detected ZLOB or the new excuse name of "DNS Changer", then simply point them to this site:

    http://www.dcwg.org/detect/

    If the screen is green, you're clean ... :)
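
    A local counterpart to the check described in the post above, as an added example that is not part of the original thread: it reads resolv.conf-style resolver settings and flags any nameserver inside a list of rogue ranges. The ranges and the sample file are constructed placeholders from documentation address space, not real indicators, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholders from documentation address space (RFC 5737).
# Substitute the rogue resolver ranges published for the campaign being checked.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of resolv.conf-style settings, not taken from a real host.
SAMPLE = """\
# written by a network manager
nameserver 192.0.2.53
nameserver 203.0.113.10   # resolver handed out by the ISP
nameserver 2001:db8::1%eth0
nameserver not-an-address
search example.test
"""


def parse_nameservers(text):
    """Return the valid resolver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Drop comments (both '#' and ';' are used) and surrounding whitespace.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # An IPv6 entry may carry a zone id such as %eth0; strip it first.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue  # malformed entry: skip it rather than abort the audit
    return servers


def flagged_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside any rogue range."""
    return [
        str(addr)
        for addr in parse_nameservers(text)
        if any(addr in net for net in rogue_ranges)
    ]


if __name__ == "__main__":
    for addr in flagged_resolvers(SAMPLE):
        print(f"resolver {addr} is inside a listed rogue range")
```
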
     
  9. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    I'm willing to concede that I'm incredibly stoopid but none of you guys are answering my question in the original post :(
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Your original post doesn't have a question; I assume you mean the follow-up post which contains one question:

    Which was answered:

    Which is a correct assessment.

    Also answered by Hungry is that this has nothing to do with a vulnerability, simply changing system settings, something possible in any OS. It seems rather invalid to start naming every single OS that this doesn't target (like the article you linked does). It would be like saying "A new virus is out for Windows 7, but if you use Linux, OSX, iOS, WP7, or Android, you're fine." Whilst it's a correct statement, it's pointless in that other OSes are obviously unaffected because you've already named the affected ones. (I'm assuming that's where you were getting confused.)
     