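1. DNSChanger Malware
Once a machine is infected, its DNS (caching) server settings are rewritten and the user is led to phishing sites.
- This does not mean that Internet connectivity is lost.
Reportedly, Google Search now displays an infection warning at the top of the results page.
For the results of an experiment with a dangerous DNS (caching) server configured, see /実験結果05/24 (experiment results, 05/24).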
1.1. FBI Links
Check to See if Your Computer is Using Rogue DNS
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS
Check site (US): http://www.dns-ok.us/
From the FBI's dns-changer-malware.pdf:
1.2. Am I Infected?
The best way to determine if your computer or SOHO router has been affected by DNSChanger is to have them evaluated by a computer professional.
(Note: Asking a professional is the best option, but there are things you can do yourself, listed below.)
However, the following steps can help you gather information before consulting a computer professional. To determine if a computer is using rogue DNS servers, it is necessary to check the DNS server settings on the computer.
(1) Check the computer's DNS settings.
If the computer is connected to a wireless access point or router, the settings on those devices should be checked as well.
(2) Also check the settings of the access point or router.
1.3. Rogue DNS Servers
If your DNS server settings point to an address in any of the following ranges, the system is infected.
85.255.112.0 --- 85.255.127.255 [85.255.112.0/20]
67.210.0.0 --- 67.210.15.255 [67.210.0.0/20]
93.188.160.0 --- 93.188.167.255 [93.188.160.0/21]
77.67.83.0 --- 77.67.83.255 [77.67.83.0/24]
213.109.64.0 --- 213.109.79.255 [213.109.64.0/20]
64.28.176.0 --- 64.28.191.255 [64.28.176.0/20]
1.4. Checking the Router
Small office/home office routers connect your network of computers and devices to your Internet service provider. The SOHO router may have been purchased and installed by you or installed by your ISP. Linksys, D-Link, Netgear, and Cisco are common SOHO router brands, but there are many others.
(Note: The DNSChanger malware is also able to change the settings of SOHO routers.)
The DNSChanger malware is capable of changing the DNS server settings within SOHO routers that have the default username and password provided by the manufacturer. If you did not change the default password at the time the SOHO router was installed, you must check the SOHO router settings.
The procedure to access your SOHO router setting varies by manufacturer, so consult your product documentation.
Once you have access to the SOHO router configuration, compare the DNS servers listed to those in the rogue DNS servers table above.
If your SOHO router is configured to use one or more of the rogue DNS servers, a computer on your network may be infected with DNSChanger malware.
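The comparison described above can be automated. The following Python script is an added example, not part of the FBI document or of this page's original text: it checks the nameserver entries in resolv.conf-style text and a list of router DNS addresses against the six rogue ranges from section 1.3. The sample configuration, the router addresses and the function names are constructed for illustration.

```python
import ipaddress

# Rogue DNS server ranges from the table in section 1.3.
ROGUE_RANGES = [ipaddress.ip_network(c) for c in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        # Lines starting with '#' or ';' are comments and never match here.
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def rogue_match(address):
    """Return the rogue range containing address, or None."""
    try:
        ip = ipaddress.ip_address(address.split("%", 1)[0])  # drop IPv6 zone
    except ValueError:
        return None  # hostname or garbage, not an IP literal
    # An IPv4-mapped IPv6 literal (::ffff:a.b.c.d) names the same IPv4 server.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    for net in ROGUE_RANGES:
        if ip.version == net.version and ip in net:
            return str(net)
    return None

def check_dns_settings(servers):
    """Map each DNS server to its rogue range (None if in no rogue range)."""
    return {s: rogue_match(s) for s in servers}

# Constructed sample input, not taken from a real host or router.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 85.255.113.7
nameserver 192.0.2.53
nameserver ::ffff:64.28.191.255
"""
SAMPLE_ROUTER_DNS = ["213.109.80.1", "93.188.167.255"]

if __name__ == "__main__":
    servers = parse_nameservers(SAMPLE_RESOLV_CONF) + SAMPLE_ROUTER_DNS
    for server, net in check_dns_settings(servers).items():
        print(f"{server:24} {'ROGUE: ' + net if net else 'not in rogue ranges'}")
```

Any server reported as ROGUE on either the computer or the router means the settings have been altered and should be handled as described in the FBI document.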
1.5. JPCERT
https://www.jpcert.or.jp/pr/2012/pr120002.html
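- DNS Changer malware infection check site
Note: the site is scheduled to operate from May 22, 2012 to July 9, 2012.
The page says "by whether a rogue DNS server is being referenced ...",
but this is not correct.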
1.6. Google
http://googleonlinesecurity.blogspot.jp/2012/05/notifying-users-affected-by-dnschanger.html
http://itpro.nikkeibp.co.jp/article/NEWS/20120524/398741/
According to CNET:
"The warning will be at the top of the search results page for regular searches and image searches and news searches," Google security engineer Damian Menscher told CNET this morning. "The text will say, 'Your computer appears to be infected,' and it will give additional detail warning them that they may not be able to connect to the Internet in the future."
1.7. dns-ok.qmail.jp
qmail.jp also runs a check: http://dns-ok.qmail.jp
-- ToshinoriMaeno 2012-05-24 10:57:43
If you see a warning like this, please take action.