
FBI Warns Facebook Users [Virus]

Discussion in 'BlackHat Lounge' started by 2011nfl, Jul 7, 2012.

  1. 2011nfl

    2011nfl Supreme Member

    WASHINGTON — Despite repeated alerts, tens of thousands may still lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.


    The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.


    According to the FBI, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April. About 64,000 still-infected computers are probably in the United States.


    The Canadian Internet Registration Authority said about 25,000 of the computers initially affected by the malware were in Canada, but now only about 7,000 machines remain infected there, according to Canadian Internet Registration Authority spokesman Mark Buell.


    He said his organization, together with Public Safety Canada and the Canadian Radio-television Telecommunications Commission, has developed an online site where computer users can check their computers for the malware.


    People whose computers are still infected Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.


    The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.


    In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.


    And while it was the first time they'd done something like that, FBI officials acknowledged that it may not be the last, since authorities are taking on more of these types of investigations.


    The temporary Internet system they set up, however, will be shut down at 11:01 p.m. CDT Sunday, which is Monday on the East Coast.


    Most victims don't even know their computers have been infected, although the malicious software probably has slowed their online surfing and disabled their antivirus software, making their machines more vulnerable to other problems.


    But popular social networking sites and Internet providers have gotten more involved, reaching out to computer users to warn of the problem.


    According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers. Some, such as Comcast, already have reached out.


    The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer's Internet server, Comcast sent an email, letter or Internet notice to customers whose computers appeared to be affected.


    Grasso said other Internet providers may come up with technical solutions that they will put in place Monday that will either correct the problem or provide information to customers when they call to say their Internet isn't working.


    Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, "Your computer or network might be infected," along with a link that users can click for more information.


    Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.


    To check whether a computer is infected, users can visit a website run by the group brought in by the FBI: (censored for bhw members' protection) If you need the link, just google the subject and find it in one of the news posts.


    The site includes links to respected commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.
     
    • Thanks Thanks x 5
    Last edited: Jul 7, 2012
  2. 2011nfl

    2011nfl Supreme Member

    I don't know if I trust a website the FBI is promoting to check infected computers though. Probably a way for them to spy.
     
    • Thanks Thanks x 3
  3. oxonbeef

    oxonbeef BANNED BANNED

    http://www.fbi.gov/news/stories/2011/november/malware_110911

    http://facecrooks.com/Internet-Safety-Privacy/350000-internet-users-could-lose-web-access-on-july-9-are-you-one-of-them.html

    https://www.google.co.uk/search?sugexp=chrome,mod=13&sourceid=chrome&ie=UTF-8&q=Operation+Ghost+Click

    And I would suggest you learn to use the internet.
     
    • Thanks Thanks x 9
  4. phatzilla

    phatzilla Supreme Member

    sounds like a cpa angle to take advantage of for other bhwers
     
  5. B. Friendly

    B. Friendly BANNED BANNED

    I still think it's bullshit. Why would the FBI care that "thousands" of people lose their internet as a result of the infection? Thousands of people lose their internet as a result of infection every single day, and you don't see the FBI, CIA, NSA, or the NAACP getting involved. Minimally I think this is a "PR piece", intended to obfuscate the line between what is and what is not the government's responsibility (they want it all, and the power that goes with it, and then they'll need your income in order to do all this fine governing). It could also be that they were using the criminals' illegal "hooks" into private persons' (citizens') machines in order to spy on people. Since they didn't create or install the "wiretap", and all they did was monitor its reports, any number of government agencies could have been recording everything that all these machines did, where they went, what sites they visited, who they chatted with on Facebook.

    Maybe Supreme Court Justice Roberts has been bangin' some skanky DC hoe, and making their business arrangements online through an infected computer. Maybe he likes kiddie porn. Maybe that's why & how he changed his judicial philosophy; it was a better alternative than spending the rest of his life in prison. When the US Attorney General sells automatic weapons to the drug cartel in Mexico, and gets away with it, you have to assume every corrupt practice imaginable is actually happening. Meanwhile, what's truly important is that Megauploads lets people illegally download copyrighted porn videos for free. How come no one ever asks why the Federal Government cares so much about protecting the profits of the pornographers?
     
    Last edited: Jul 7, 2012
  6. 2011nfl

    2011nfl Supreme Member

    Are you serious? You don't know me at all to say something like that. I saw it on the news, I then googled it, then I copied and pasted the first article I read on it. What kind of angle would that be?
     
    • Thanks Thanks x 2
  7. bertbaby

    bertbaby Elite Member

    Nope this story is true. Believe it or not Microsoft has done similar exploits to take down hacker botnets. You would be surprised at the number of honeypots situated in the wild run by different organizations.
     
    • Thanks Thanks x 2
  8. Justenzy

    Justenzy Registered Member

    This isn't bullshit. The Australian government has issued this same warning.
     
    • Thanks Thanks x 2
  9. mikewaz

    mikewaz Newbie

    Just checked mine, you never know.
     
  10. evilman11

    evilman11 Junior Member

    I think he's talking about the possible cpa commissions you could make with this exploit. For example, someone types in google and instead they're sent to a fake site that looks like google, and has a content locker. So many possibilities... If I were in the fbi's position right now though, I'd redirect the people to meatspin for the lulz. :D
     
    • Thanks Thanks x 2
  11. Zapdos

    Zapdos Power Member

    Do you know why the FBI has these servers? Someone did exactly that. They made the virus to redirect DNS queries to their own websites to make money. They're in jail now and the FBI seized the servers.
     
    • Thanks Thanks x 2
  12. IMekYuLoff

    IMekYuLoff BANNED BANNED

    As if the FBI cares about our safety lol, they run Facebook lol, but really thanks for the heads up
     
  13. evilman11

    evilman11 Junior Member

    Yes, I'm well aware of why they took the servers and what the people were doing with them. I was just explaining what phatzilla probably meant with his post since 2011nfl thought he was making accusations.
     
  14. WildNight

    WildNight Newbie

    Thanks for the warning :)
     
  15. Bestbuyfoam

    Bestbuyfoam Jr. VIP Jr. VIP Premium Member

    I don't know if it's true or not but thanks for the heads up.

    As always have a blessed one.
     
    • Thanks Thanks x 1
  16. oxonbeef

    oxonbeef BANNED BANNED

    Because the net is dead now.
    It's only a DNS change now.
    There is no security issue besides you may no longer connect to your ISP until you have reset your settings.
    Even if you don't check, all you will need to do is call up your ISP and enter the original setting.
    But I get your thinking.
    I will imagine they will do this when they take down their servers, as anyone who is infected is actually being served by the FBI and not their ISP at present.
    How scary is that?
    You know the FBI would've taken logs of your visits to see where you visit and why you would get infected in the first place.
     
    • Thanks Thanks x 2
    Last edited: Jul 7, 2012
  17. OldSalt

    OldSalt Moderator Staff Member Moderator Jr. VIP Premium Member

    It's funny because I get news reports on my phone every morning when it wakes me up and I saw a story about exactly this. Not being one to believe news reports simply because I read them, I did a little quick research.

    http://www.snopes.com/computer/virus/dnschanger.asp

    There is no debate - It's 100% true.

    The first thing I did after I verified its authenticity was go to the website mentioned both by Snopes and the article: http://www.dcwg.org/

    At the top of the page it links to a page for detection - Since I speak English, I chose http://www.dns-ok.us/ (other sites are listed on this page: http://www.dcwg.org/detect/ )

    I'm surprised that people would doubt this before they would do a simple search - I always check Snopes first myself but this wasn't hard to find.
     
    • Thanks Thanks x 2
  18. CyberknightTully

    CyberknightTully Junior Member Premium Member

    I thanked you for the post and would have left positive rep but I've left too much rep lately, so I'll have to wait for a day. I'll get back to you on that for sure! You are 100% correct in your statement. Although Kudos to the OP, anyone with any sort of internet presence has been aware of this crap and has already fixed their computers if they were infected. It is the Mom and Pop types who basically only do email and who open everything they receive who will be affected by this.

    I do some computer "repair" on the side and expect to be swamped about July 10! One good thing though is that many people who bring me their computers don't pay so I end up with some nice boxes for NOTHING, which I format and then re-sell.

    :)
     
    • Thanks Thanks x 2
  19. wittyhat

    wittyhat BANNED BANNED

    The news is true. I have received this warning from my ISP provider. And I have received a message that my net could be down for hours.

    Due to some DNS virus. I thought it was a joke. But when I saw your post, I understood it is real. Thanks to 2011nfl.
     
    • Thanks Thanks x 1
  20. oxonbeef

    oxonbeef BANNED BANNED

    What I don't understand is this botnet only changed the DNS and replaced ads.
    The FBI went all out to take it down and appease the big corporations.
    Yet the ones that steal your money, rob your data and mess up your computer are still running around in the wild.
    This was clearly about commerce and not about security.
    "What, you had your credit card cloned?" "Oh, you should get a better AV and ID protection insurance."
    But imagine all those Mom and Pops not clicking ads on Monday.
    I can see the shareholders sweating in their sleep.
     
    • Thanks Thanks x 5