You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2008-12-17 13:03:37
- jorpheus
- Member
- Registered: 2008-11-07
- Posts: 98
DNSChanger
About a week ago, I came home (to my dorm room), booted Arch, F12 for Stjerm, net.sh for Internets. It went through just fine (or so it seemed, later I noticed the "Wrong state 9", which was to haunt me later), so I opened Firefox, typed gmail.com, and... nothing. Nada. Nichts. Tried pinging google, as well as a few .hr sites, still the same result. This went on for every afternoon until the weekend, when everything went back to normal. I thought it was the (rather incompetent) admins fumbling with something again, as the "largest LAN in the state" crashes quite often. However, come Monday, same thing. Works before noon, doesn't work after it. Not for me, not for my Windows-using roommate, not for anyone I asked. So, yesterday, I see a printed notice, which, in essence, said a lot of users have become infected with the trojan in the subject, this thing changes the DNS address after authentication, blah blah blah - okay, a lot of Windows users *might* be affected, but me? And *everyone* (AFAIK) else? Across all dorms? Around 7k students? O rly? There was a work-around (of course, with instructions only for Windows users, heh), namely specify the DNS address, this worked for both me and my roommate, and so I google this thing - and guess what OS it _doesn't_ infect. Besides, I'm not exactly new to computer security, and the last time I had a virus was when I was new to it - a version of One.half, using Windows 95, may the gods rest them in piss.
The question that now bothers me is - if and how is it possible that _some_ infected Windows/OS X users affect everyone else? Unless the servers are infected themselves? I just read it attacks routers, which would make sense, since everyone here goes through them. It doesn't make much sense to me, but then again, I'm not really very knowledgeable about this stuff.
Offline
#2 2008-12-17 19:37:22
- jorpheus
- Member
- Registered: 2008-11-07
- Posts: 98
Re: DNSChanger
Update:
I found a description of how it works....turns out, I don't have to be infected. It's enough that someone is, that someone connects to the LAN, I connect, he screws with my DNS. Mystery solved. I just wish the answer wasn't so kafkaesque (you get screwed for simply being).
Offline
#3 2008-12-21 02:55:19
- quadmachine
- Member
- Registered: 2008-12-08
- Posts: 18
Re: DNSChanger
Heh, Bernard Grgic FTW 
Our beloved admin
Cheers!
format c:\ | rm -rf /
Offline
Pages: 1