Showing posts with label DNS. Show all posts

Fake Flash Player Update pop up When try to access Google or Gmail

Posted by Muhammed Posted on Monday, May 26, 2014
Today some of my clients had problems accessing Google and Gmail; they were getting a message saying "WARNING! Your Flash Player may be out of date. Please update to continue".

If they tried to close the pop-up message or clicked OK, it redirected them to a webpage that looks like Adobe's and prompts them to download different products.

Fake Flash Player Update


During my research I found that it is a DNS hijack. In my previous post I explained what DNS hijacking is and how it works.

To fix this problem, you need to check the DNS server configuration on your computer and router. To do this, follow the steps below:

1. Open Command prompt (Start->Run->Type ‘cmd’)
2. In command prompt, type the command ipconfig /all and press enter
3. Then check the DNS server entry and if it is 23.253.94.129, no doubt that is the culprit

Hijacked DNS


Now you need to remove this entry from your computer or router.

Open the Control Panel, then Network and Sharing Center, open the properties of the active network card and change the DNS server address. If the entry is not there, you have to check the router and reset its settings. These settings may vary depending on the router model. If you know your router's IP address, user name and password, just log in and check the DNS configuration settings.

It is highly recommended to run a deep scan with an updated antivirus program to find any dropper files. All the best!

Share your comments about this new threat if you are aware of it. 

Find the Fastest DNS Server For your Computer using Namebench

Posted by Muhammed Posted on Saturday, July 13, 2013
In the past we covered an article about the Top three Free DNS services. As I said in that article, you can try public DNS servers if your local internet service provider doesn't have a fast DNS server. But the speed will vary depending on your geographic location, so you might now wonder how to check which one is the best.

Today I would like to share a free tool, Namebench, which compares your local DNS server with others and helps you find a faster one. In order to provide an individualized recommendation, this tool runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized data sets.

1. Download Namebench and run it. Then click on Start Benchmark



2. It may take 10-15 minutes, and you can see the queries it is running at the bottom left of the tool

3. Once it is done, it will show you which DNS server is fastest for your system, based on the report it generates


You can export the results and compare the DNS queries to check how fast your current DNS server is.

Note: It is an open source project that is in continuing development, so results may not be perfect. But it is a free utility which helps you find the fastest DNS server for you.



Top three Free DNS services

Posted by Muhammed Posted on Monday, June 24, 2013

For fast browsing, DNS queries need to be resolved as quickly as possible. If your local internet service provider doesn’t have the fastest DNS servers, you can try the free DNS services below to get a better browsing experience.

Google DNS


Preferred: 8.8.8.8
Alternate: 8.8.4.4

OpenDNS


Preferred: 208.67.222.222
Alternate: 208.67.220.220

Norton ConnectSafe


Preferred: 198.153.192.50
Alternate: 198.153.194.50

Facebook and Google Notification about DNSChanger Trojan

Posted by Muhammed Posted on Monday, June 11, 2012
Going forward, Facebook will notify users who have DNSChanger malware on their computer. If your computer is infected with this Trojan, you will receive an alert from Facebook saying "Your computer or network might be infected" while browsing Facebook.

When a user browses to Facebook from a DNSChanger-infected computer, the social networking giant will display an alert with a link to the DNSChanger Working Group’s website which contains information about the malware and instructions on cleaning up the infection.

Google announced a similar plan back in May and displays alerts to victims through its search pages.

Do I need to worry about this message?

As in my previous post, the news is spreading across the world that anyone who hasn’t taken steps to make sure their system is not infected with the DNS Changer Trojan will lose Internet access on July 9th. Click here and check for yourself whether your computer is infected or not.

Comments would be appreciated if you had this problem; share how you resolved it.

DNS Changer Trojan - How to detect and remove?

Posted by Muhammed Posted on Friday, May 04, 2012

July 9 might be "Internet doomsday" for PC and Mac users who haven't taken steps to make sure their systems are not infected with what's being called DNS Changer malware.

This news is spreading across the world. Your Internet connection may not work on that day if your computer is infected with this dangerous DNS Changer Trojan.

In my previous post we discussed DNS hijacking; this malware does the same thing by replacing the default DNS IP address with that of a rogue DNS server. These malicious DNS servers alter the user's searches, redirect them to fake websites and prompt them to download dangerous products. This threat is also known as TDSS, Tidserv etc.

DNS Changer malware causes a computer to use rogue DNS servers in one of two ways. First, it changes the computer’s DNS server settings to replace the ISP’s good DNS servers with rogue DNS servers operated by the criminal. Second, it attempts to access devices on the victim’s small office/home office (SOHO) network that run a dynamic host configuration protocol (DHCP) server (e.g. a router or home gateway). The malware attempts to access these devices using common default usernames and passwords and, if successful, changes the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals. This is a change that may impact all computers on the SOHO network, even if those computers are not infected with the malware.

If you want to make sure that your computer is not infected with this dangerous Trojan, visit the website http://www.dcwg.org/detect and follow the instructions. If the diagnosis shows that your computer is infected, visit http://www.dcwg.org/fix/ to fix the problem.

DNS Hijacking - How does it work?

Posted by Muhammed Posted on Sunday, March 04, 2012
One day when I turned on the computer, I noticed that my antivirus program was not functioning properly and was not getting updates. Also, if I searched for something in Google or any other search engine, it redirected me somewhere unrelated to my search queries. Later I realized that somehow my DNS IP address had been changed and that was causing the problem.

DNS is the abbreviation for Domain Name Server, and it provides host name resolution for TCP/IP networks by translating host names to IP addresses and vice versa. Domain names are used to identify websites because they are easier to remember than the series of numbers that make up an IP address.

Hackers use rogue DNS servers to put malware on PCs by redirecting search queries. Once the DNS address is hijacked to a rogue DNS server, whenever the user accesses a site, say "Google.com", the request is sent to the rogue DNS server, which uses the query to display ads relevant to it. This is also used to stop the antivirus and Windows from getting updates and to block access to secured websites.

Another danger of DNS hijacking occurs when the user is unaware that they are on a bogus DNS server. If the user continues to surf on the bogus DNS server and they search for other websites, they most likely will end up visiting more malicious sites.
Rogue DNS IP Ranges 


Symptoms of a computer infected with the DNS Changer Trojan


  • Search Redirection
  • Unable to access any secured website
  • Not able to complete the Windows and Antivirus update


How do I check the DNS address?

  1. Open Command prompt (Start->Run->Type ‘cmd’)
  2. In command prompt, type the command ipconfig /all and press enter
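
An added example, not part of the original posts: the ipconfig /all check above (and the same check in the May 2014 post, which names 23.253.94.129) done by a small Python parser that also reads the extra DNS servers Windows prints on continuation lines. The sample output, the EXPECTED resolver list and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

KNOWN_BAD = {ipaddress.ip_address("23.253.94.129")}  # named in the May 2014 post
# Assumption: the resolvers this network is supposed to use.
EXPECTED = {ipaddress.ip_address(a) for a in ("192.168.1.1", "8.8.8.8", "8.8.4.4")}
FIELD = re.compile(r"^\s+(.+?)[ .]*\s:\s*(.*)$")     # "Label . . . : value"

# Constructed sample of `ipconfig /all` output, not captured from a real host.
SAMPLE = """\
Windows IP Configuration
Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 23.253.94.129
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
"""

def dns_servers(text):
    """Map each adapter section to the DNS servers listed under it."""
    found, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented: section header
            adapter, in_dns = line.rstrip(": "), False
            continue
        field = FIELD.match(line)
        if field:                               # a new labelled field starts
            in_dns = field.group(1) == "DNS Servers"
            line = field.group(2)
        if not in_dns:
            continue
        try:                                    # field value or continuation line
            addr = ipaddress.ip_address(line.strip().split("%")[0])
        except ValueError:
            continue
        found.setdefault(adapter, []).append(addr)
    return found

def audit(text):
    """Return (adapter, address, verdict) for every configured DNS server."""
    return [(name, str(a), "known-bad" if a in KNOWN_BAD
             else "ok" if a in EXPECTED else "unexpected")
            for name, servers in dns_servers(text).items() for a in servers]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On a real machine, save the output of ipconfig /all to a text file and pass its contents to audit(); an "unexpected" verdict only means the address is not in your own EXPECTED list.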

What should I do if DNS is hijacked?

  • Contact your ISP and change the rogue DNS IP address
  • Scan your computer with an antivirus program