MANILA, Philippines — Leading telecommunications firm Philippine Long Distance Telephone Co. (PLDT) and its wireless arm Smart Communications urged Pinoy Internet users to check if they have been infected with a malware which will restrict their Internet access if not removed by July 9.
The malware, called DNSChanger, was discovered to be re-routing Internet traffic of infected PCs to servers of a group of Internet hackers, which allows them to display advertisements or spread malware to more users.
Once infected, the Domain Name Settings (DNS) of an infested computer will be changed to that of the hackers’ servers. Reports said systems have started to become infected when they visited similarly infected websites, “or downloaded particular software to view videos online,” according to technology news site CNet.
In addition to changing the DNS servers of the computer, the malware has also been known to prevent antivirus updates from occurring, which means traditional security software couldn’t possibly detect the infection.
The group behind the malware has since been arrested by authorities in 2011, but the temporary redirection servers set up by law enforcement bodies to give users the time to clean up their systems will soon be shut down.
“If you fail to take action, you may not be able to access Internet websites and use web services like email and search,” said PLDT and Smart Spokesperson Ramon Isberto in a statement.
To check if your system is infected, PLDT and Smart urged to go through your computer’s settings:
Windows
1. Click Start
2. Open the Command Window
3. (For Windows 7) Type cmd at the search bar
4. (For Windows XP) Click Run, then type cmd at the bar
5. Type ipconfig /all
6. Search for the DNS Servers section
Mac OS X
1. Click the Apple icon an the top left of the screen
2. Select System Preferences
3. Locate the “Network” icon
4. Read the “DNS Server” line
If the DNS servers are pointed at any of the following addresses, then it means the system is infected:
• 85.255.112.0 through 85.255.127.255
• 67.210.0.0 through 67.210.15.255
• 93.188.160.0 through 93.188.167.255
• 77.67.83.0 through 77.67.83.255
• 213.109.64.0 through 213.109.79.255
• 64.28.176.0 through 64.28.191.255
Alternatively, users can visit the following websites to automatically check if their units have the DNSChanger malware: http://www.dns-ok.us/ and http://dnschanger.detect.my.
To permanently rid your system of the malware, you can use various services put up by security software firms such as Kaspersky , ESET, McAfee , Microsoft , Norton, and Trend Micro.
source: interaksyon.com