Alureon Malware
#1
Posted 11 July 2012 - 06:09 PM
Many DNS servers are affected by this situation. So I cannot connect to reboot.pro from Turkey. But I solved this problem with www.hidemyass.com for the time being. Best regards
http://www.bgr.in/ne...lureon-malware/
#2
Posted 11 July 2012 - 08:10 PM
When accessing http://filename.pro that is on the same server without using cloudflare, it worked fine. I just disabled cloudflare on reboot and we are back in order.
#3
Posted 11 July 2012 - 08:23 PM
You misinterpret me. This problem stems from dns servers around the world. That is a general problem. So it will take some time to clean up from this malware for all dns servers. Best regards
#4
Posted 11 July 2012 - 08:31 PM
Is Alureon malware a newly emerged threat?
#5
Posted 11 July 2012 - 08:32 PM
I also have had this trouble many times today.
Now I know that it is not a reboot.pro site issue.
Nuno: As you told us, you disabled cloudflare and the site still does work properly (currently better).
What's the reason to have cloudflare doing here something?
Peter
#6
Posted 11 July 2012 - 08:38 PM
Hi Nuno Brito
You misinterpret me. This problem stems from dns servers around the world. That is a general problem. So it will take some time to clean up from this malware for all dns servers. Best regards
Ok then, let's wait until things get back to normal.
Thanks, Max!
I also have had this trouble many times today.
Now I know that it is not a reboot.pro site issue.
Nuno: As you told us, you disabled cloudflare and the site still does work properly (currently better).
What's the reason to have cloudflare doing here something?
I am using their cache service to provide static resources such as small images faster, this brings down the level of bandwidth and CPU processing imposed on our server. It is free to use, saved around 70% of our bandwidth when it was working as intended.
- pscEx likes this
#7
Posted 12 July 2012 - 09:04 AM
You misinterpret me. This problem stems from dns servers around the world. That is a general problem. So it will take some time to clean up from this malware for all dns servers. Best regards
There is nothing wrong with the DNS servers themselves. The Alureon malware only changed the default DNS server used by the client (Windows or Mac) to look up domain names. If you have the Alureon malware, you can't look up any DNS addresses anymore (so http://www.google.com can't be resolved to an IP address) (unless you have a secondary DNS server address set up), so you can only visit websites if you know the IP address. But most servers host multiple websites from the same IP, so only if you add it to your hosts file will you be able to visit those websites when you can't do any DNS server lookups anymore.
- Max_Real Qnx likes this
#8
Posted 12 July 2012 - 05:36 PM
Thank you for your good explanation. But I want to ask one question only. If this malicious code infected the DNS server, what happens? Ultimately, is this DNS server not a computer? Therefore we are occasionally not able to reach internet pages. These DNS servers need to be cleaned of this harmful code by antivirus software. Am I wrong? Kind regards
#9
Posted 12 July 2012 - 05:40 PM
I also have had the troubles to reach reboot.pro. But several scanners told me that my PC is not infected.
So, where is the real "working point"?
Peter
- Max_Real Qnx likes this
#10
Posted 13 July 2012 - 06:37 AM
The unreachability of reboot.pro had nothing to do with the malware (as the malware doesn't infect the DNS server itself). But the default DNS server you use can be unreachable for a while. I sometimes have it that the DNS server of my ISP is down or unreachable. Changing the DNS server IP address to another server temporarily fixes it.
For example, you can use Google's DNS server for a while (save the values of your current DNS server). It is easy to remember:
8.8.8.8
Or you can use openDNS: http://www.opendns.com/
IP address:
208.67.222.222
208.67.220.220
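Post #7 describes the malware changing the DNS server configured on the client, so the first thing to check is which resolvers a machine is actually using. The following is an added example (not written by any poster in this thread) that extracts resolver addresses from `resolv.conf` text or English-locale `ipconfig /all` output and labels each one. The expected set is the addresses given in post #10; the "suspect" range and both sample inputs are constructed placeholders.

```python
import ipaddress
import re

EXPECTED = {"8.8.8.8", "208.67.222.222", "208.67.220.220"}  # from post #10
# PLACEHOLDER (RFC 5737 documentation range), not a real rogue-resolver range.
SUSPECT_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# Constructed sample inputs, not captured from a real machine.
SAMPLE_IPCONFIG = """\
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_RESOLV = "nameserver 192.168.1.1\nnameserver 208.67.222.222\n"

def _ip(token):
    try:
        return ipaddress.ip_address(token.strip())
    except ValueError:
        return None

def parse_resolvers(text):
    """Extract resolver IPs from resolv.conf text or `ipconfig /all` output."""
    found, in_block = [], False
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if m:
            ip, in_block = _ip(m.group(1)), False
        elif re.match(r"\s*DNS Servers[ .]*:", line):
            ip, in_block = _ip(line.split(":", 1)[1]), True
        else:
            ip = _ip(line) if in_block else None  # bare continuation address
            in_block = ip is not None
        if ip is not None and ip not in found:
            found.append(ip)
    return found

def audit(resolvers, expected=EXPECTED, suspect=SUSPECT_NETS):
    """Label each resolver as suspect, expected, private or unknown."""
    report = {}
    for ip in resolvers:
        if any(ip.version == n.version and ip in n for n in suspect):
            report[str(ip)] = "suspect"
        elif str(ip) in expected:
            report[str(ip)] = "expected"
        elif ip.is_private or ip.is_loopback:
            report[str(ip)] = "private"   # router or local stub resolver
        else:
            report[str(ip)] = "unknown"   # confirm with ISP or admin
    return report
```

Run `audit(parse_resolvers(text))` on the contents of `/etc/resolv.conf` or on saved `ipconfig /all` output. A "private" result only means the machine asks the router, so the router's own DNS settings still need the same check.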
#11
Posted 13 July 2012 - 03:49 PM
#12
Posted 14 July 2012 - 03:21 AM
But do you have evidence that supports what you said?
Let me ask you first why you are pointing fingers towards a malware? Next, if you are convinced somehow that you have been infected by a malware, then why Alureon only?
How can not a virus infected itself to the dns servers?
Yes, it can. But, IMO, there are only two possibilities when it can happen.
- Either the server owners have to use the DNS server PC for downloading movies, torrents, online gaming, watching XXX sites, grabbing software, chatting on Facebook or in general surfing Internet where "by chance" the malware gets downloaded "locally" and executed on the server PC itself.
- Or, there must exist some known or unknown vulnerability in the DNS server daemon itself which would allow the attacker to gain control on the DNS database "remotely".
If it can do that, what happens?
If it happens, then what is called DNS poisoning takes place.
#13
Posted 14 July 2012 - 04:19 PM
Let me ask you first why you are pointing fingers towards a malware? Next, if you are convinced somehow that you have been infected by a malware, then why Alureon only?
Hi Holmes.Sherlock
Thank you for your understandable comments. Because this is not just a simple virus. It has a very complex structure. Unfortunately, it has a worldwide spread. I think, therefore, it is dangerous and not to be underestimated. Best regards
http://www.dailymail...net-Monday.html
http://support.kaspe.../?qid=208280684
#14
Posted 10 August 2012 - 09:23 PM
http://www.chron.com...uly-3497916.php
This undated handout image provided by The DNS Changer Working Group (DCWG) shows the webpage. It will only take a few clicks of the mouse. But for hundreds of thousands of computer users, those clicks could mean the difference between staying online and losing their connections this July
http://www.dcwg.org/detect/