A botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago.
The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products.
The scheme netted the attackers at least $14 million. Because every web search starts with DNS, the malware showed users an altered version of the Internet.
Under a court order, expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network.
This will allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines.
When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie's clean ones.
Installing and running the two substitute servers for eight months is costing the federal government about $87,000.
"We get to the point where we say, how are we going to do this, how are we going to clean the system without creating a bigger mess than before."
But these systems must be shut down on July 9th, and thousands of computers are still reliant on the confiscated servers.
More than 570,000 computers were infected worldwide.
The malware turned off antivirus updates and changed the way the computers resolve website addresses on the Internet's domain name system, the system that translates a web address, such as www.ap.org, into the numerical addresses that computers actually use.
Five months later, the FBI estimated that the number was down to at least 360,000.
The U.S. has the most, about 85,000, federal authorities said.
Other countries with more than 20,000 each include Italy, India, England and Germany.
Smaller numbers are online in Spain, France, Canada, China and Mexico.
Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.
DOS TO THE RESCUE AGAIN?
In a DOS shell (command prompt), type the command: ipconfig /all and hit Enter.
The command you entered displays information about your computer's network settings.
Read the line starting with "DNS Servers".
There might be two or more IP addresses listed there.
These are the DNS servers your computer uses.
Write down these numbers.
The malicious Rove viruses changed some people's DNS settings to use computers the attackers operated.
Compare your DNS settings with the known malicious Rove DNS settings listed below:
Starting IP       Ending IP         CIDR
126.96.36.199     188.8.131.52      184.108.40.206/20
220.127.116.11    18.104.22.168     22.214.171.124/20
126.96.36.199     188.8.131.52      184.108.40.206/21
220.127.116.11    18.104.22.168     22.214.171.124/24
126.96.36.199     188.8.131.52      184.108.40.206/20
220.127.116.11    18.104.22.168     22.214.171.124/20
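The manual check above (run ipconfig /all, read the "DNS Servers" line, compare against the CIDR list) can be automated. The script below is an added example, not part of the original page: it parses ipconfig /all output and reports any DNS server that falls inside a list of CIDR ranges. The ranges it ships with are RFC 5737 documentation networks used as constructed stand-ins, and the ipconfig output is likewise constructed; substitute the CIDR column from the table above and the real output of your own machine. Because the table writes each range as an address with a prefix rather than a network address, the helper builds networks with strict=False so that form is accepted.

```python
import ipaddress
import re


def network_from_cidr(cidr):
    """Build a network from an 'address/prefix' string.

    strict=False accepts a host address with a prefix (e.g. "10.1.2.3/20"),
    the form used in the CIDR column of the list above, and normalizes it
    to its network address.
    """
    return ipaddress.ip_network(cidr, strict=False)


# Constructed stand-in ranges (RFC 5737 documentation networks), NOT the
# rogue DNS ranges themselves; replace with the CIDR column from the table.
ROGUE_RANGES = [network_from_cidr(c) for c in ("192.0.2.0/24", "198.51.100.77/24")]

# Constructed sample of `ipconfig /all` output: one adapter, two DNS servers,
# the second on a continuation line as Windows prints it.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   IPv4 Address. . . . . . . . . . . : 10.0.0.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.0.2.10
                                       10.0.0.1
"""


def parse_dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in ipconfig /all output.

    The "DNS Servers" line carries the first address; further servers follow
    on continuation lines that contain only an address. Any labelled line
    ends the block.
    """
    servers = []
    in_dns_block = False
    for line in ipconfig_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("DNS Servers"):
            in_dns_block = True
            addr = stripped.split(":", 1)[1].strip()
            if addr:
                servers.append(addr)
            continue
        if in_dns_block:
            # A bare IPv4/IPv6 address (optionally with a %zone suffix).
            if re.fullmatch(r"[0-9A-Fa-f.:%]+", stripped):
                servers.append(stripped)
            else:
                in_dns_block = False
    return servers


def check_dns_servers(servers, rogue_ranges=ROGUE_RANGES):
    """Return (address, network) pairs for servers inside a rogue range."""
    hits = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            continue  # skip anything that is not an address
        for net in rogue_ranges:
            if addr.version == net.version and addr in net:
                hits.append((server, str(net)))
                break
    return hits


if __name__ == "__main__":
    # Usage: pipe real output in with `ipconfig /all > out.txt` and read it
    # here instead of SAMPLE_IPCONFIG.
    found = parse_dns_servers(SAMPLE_IPCONFIG)
    print("DNS servers:", found)
    for server, net in check_dns_servers(found):
        print(f"WARNING: {server} is inside listed range {net}")
```

An empty result from check_dns_servers means none of the configured resolvers sit in the listed ranges; a hit names both the resolver and the range it matched, which is what an administrator needs when correcting the setting on the affected host.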