Security and Anti-Virus

turn on suggestions spacer
  • Register
  • ·
  • Sign In
  • Posting Guidelines
  • |
  • Help with Forums
  • Comcast Help and Support Forums
  • >
  • Xfinity Internet
  • >
  • Security and Anti-Virus
  • >
  • DNS Changer Bot FAQ.
Reply
Topic Options
  • « Message Listing
  • « Previous Topic
  • Next Topic »
cc_adame spacer
Moderator
spacer
Posts: 283
Registered: 09-13-2010
6

DNS Changer Bot FAQ.

[ Edited ]
Options

03-06-2012 04:29 PM - edited 07-08-2012 10:31 PM

Federal authorities were given permission to extend the operation of the ISC Servers to July 9th,

originally March 8th.

 

Q. What is the Alureon/DNS Changer bot?

A. Wikipedia has a great article on this: en.wikipedia.org/wiki/Alureon

Basically, it's a bot that hijacks your DNS to redirect your legitimate traffic to fake sites in order to steal your personal information (such as user names, passwords and credit card numbers).

 

Q. I received a notification, why?

A. We saw your modem querying the known bad ip addresses, indicative of this specific malware. You may have received a notice from us as an email, in-browser notice or via the U.S. Postal Service.

 

Q. How do you know I'm infected?

A. The ISC have taken over the bad servers, and replaced them with legit ones. We get data from ISC

that tells us which Comcast ip addresses are still using these servers for domain name resolution (DNS). If you were not infected, nothing behind your modem would be using them.

 

Q. Can you tell me which Computer it was?

A. Unfortunately, no. That would require us to do deep packet inspecting, which is invasive. To

keep your privacy intact, we can only see what your modem did. It's also likely that your router has had it's settings changed by the bot. We encourage that you check all devices in your home that use the internet.

 

Q. I have a Mac, can this be affected?

A. Yes. We have seen many Mac's infected with this bot already. It's also likely that your router has had it's settings changed by the bot. We encourage that you check all devices in your home that use the internet.

 

Q. Are you turning off my service if I can't fix this?

A. No, Comcast will not disable or disconnect your service.  Because of the changes to your internet settings that the bot may have made, your internet service will no longer function unless you change the settings back. This can be done through our one-click fixes or manually… Visit xfinity.com/dnsbot to learn how.

 

Q. How can I tell if I'm still infected?

A. You can visit https://amibotted.comcast.net to see if you're still infected with The DNS

Changer bot, and others as well. You can also visit www.dns-ok.us to see if you're infected with the DNS Changer specifically.

 

Additionally, www.dcwg.org/ can help you find more links and information about this specific bot.

 

Q. Was the FBI involved?

A. Yes. The FBI was a key player in the takedown of this botnet. You can read more about Operation Ghost Click on the FBI website here: www.fbi.gov/news/stories/2011/november/malware_110911

 

As always, feedback is appreciated. 

--
Adam
Comcast National Engineering
Message 1 of 3 (296,520 Views)
 
jlivingood
gipoco.com is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.