From: Mike Edenfield <kutulu@kutulu.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Somewhat OT: Any truth to this mess?
Date: Sat, 18 Feb 2012 11:35:06 -0500 [thread overview]
Message-ID: <4F3FD33A.90605@kutulu.org> (raw)
In-Reply-To: <4F3F7CBA.9020600@gmail.com>
On 2/18/2012 5:26 AM, Dale wrote:
> Howdy,
>
> I ran across this and though it was a joke. Did a news search and sure
> enough, it is reported in lots of places. Random linky:
>
> http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-March-8-virus-concerns.html?ito=feeds-newsxml
>
> Is there any truth to this mess? My bigger and better question, how is
> shutting down the internet going to fix this? When the net comes back
> up, they are still going to be infected. Right?
As usual, the headline has things completely backwards; if
you actually read the article and ignore the headline you
will get something closer to reality:
* There is a fairly large botnet that works by hijacking the
DNS settings of the machines it infects, and redirecting
them to rogue DNS servers.
* The rogue DNS servers resolve all DNS requests by
returning the IPs of various scam sites etc. that the botnet
owners get paid for.
* The FBI and the Dutch national police, stepped in and
arrested those in charge of the botnet.
* 120 days ago -- Nov 8 -- they dismantled the botnet's core
network and replaced the rogue DNS servers with legitimate
ones serving legitimate DNS zone information.
* On March 8 the FBI will turn off their stand-in DNS servers.
If you aren't infected by this botnet you won't notice
anything. If you are still infected by this botnet your DNS
servers will vanish (and, in theory, someone could step in
and replace them, depending on what happens to the allocated
IPs).
--Mike
next prev parent reply other threads:[~2012-02-18 16:37 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-18 10:26 [gentoo-user] Somewhat OT: Any truth to this mess? Dale
2012-02-18 10:44 ` Alan McKinnon
2012-02-18 12:00 ` Dale
2012-02-18 12:24 ` Volker Armin Hemmann
2012-02-18 12:39 ` Dale
2012-02-18 14:40 ` Alan McKinnon
2012-02-18 15:34 ` Dale
2012-02-18 16:18 ` Michael Mol
2012-02-18 17:48 ` Dale
2012-02-18 18:01 ` Pandu Poluan
2012-02-18 18:10 ` Michael Mol
2012-02-18 19:02 ` Pandu Poluan
2012-02-18 16:21 ` Volker Armin Hemmann
2012-02-18 16:31 ` Michael Mol
2012-02-18 12:56 ` Pandu Poluan
2012-02-18 13:18 ` Dale
2012-02-18 13:49 ` Pandu Poluan
2012-02-18 14:38 ` Alan McKinnon
2012-02-19 21:08 ` [gentoo-user] " walt
2012-02-19 21:23 ` Paul Hartman
2012-02-19 22:16 ` Dale
2012-02-20 16:12 ` Todd Goodman
2012-02-20 20:49 ` Grant Edwards
2012-02-20 21:04 ` Michael Mol
2012-02-20 21:16 ` Mark Knecht
2012-02-20 21:24 ` Michael Mol
2012-02-20 21:52 ` Grant Edwards
2012-02-21 5:30 ` Paul Hartman
2012-02-18 14:30 ` [gentoo-user] " pk
2012-02-21 3:58 ` Walter Dnes
2012-02-18 14:36 ` Alan McKinnon
2012-02-18 18:11 ` Pandu Poluan
2012-02-18 18:24 ` Michael Mol
2012-02-18 19:10 ` Pandu Poluan
2012-02-18 16:35 ` Mike Edenfield [this message]
2012-02-19 21:14 ` [gentoo-user] " walt
2012-02-19 23:29 ` wdk@moriah
2012-02-20 16:37 ` Todd Goodman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F3FD33A.90605@kutulu.org \
--to=kutulu@kutulu.org \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox