From: Mike Edenfield
Date: Sat, 18 Feb 2012 11:35:06 -0500
Message-ID: <4F3FD33A.90605@kutulu.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Somewhat OT: Any truth to this mess?
In-Reply-To: <4F3F7CBA.9020600@gmail.com>

On 2/18/2012 5:26 AM, Dale wrote:
> Howdy,
>
> I ran across this and thought it was a joke. Did a news search and sure
> enough, it is reported in lots of places. Random linky:
>
> http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-March-8-virus-concerns.html?ito=feeds-newsxml
>
> Is there any truth to this mess? My bigger and better question, how is
> shutting down the internet going to fix this? When the net comes back
> up, they are still going to be infected. Right?

As usual, the headline has things completely backwards; if you actually read the article and ignore the headline you will get something closer to reality:

* There is a fairly large botnet that works by hijacking the DNS settings of the machines it infects, and redirecting them to rogue DNS servers.
* The rogue DNS servers resolve all DNS requests by returning the IPs of various scam sites etc. that the botnet owners get paid for.
* The FBI and the Dutch national police stepped in and arrested those in charge of the botnet.
* 120 days ago -- Nov 8 -- they dismantled the botnet's core network and replaced the rogue DNS servers with legitimate ones serving legitimate DNS zone information.
* On March 8 the FBI will turn off their stand-in DNS servers.

If you aren't infected by this botnet you won't notice anything. If you are still infected by this botnet your DNS servers will vanish (and, in theory, someone could step in and replace them, depending on what happens to the allocated IPs).

--Mike