
Thread: Feds shift DNSChanger cut-off deadline to July

  1. #1
    Virus Guy Guest

    Re: Feds shift DNSChanger cut-off deadline to July

    FromTheRafters wrote:

    > > I'm surprised I have to inform this concept to the readers of this
    > > group.

    >
    > you make it sound like it's a new thing.


    How so?

    I was not implying that it is a new thing.

    > > I was wondering why, in this case of operating a white-hat DNS
    > > server for the benefit of thousands or hundreds of thousands of
    > > trojanized PC's, that this technique of injecting a banner-ad
    > > wasn't being done.

    >
    > I think it's because it isn't being done by the DNS server,


    Whenever or wherever it's done, the DNS server has to be involved for
    the method to work. Whether or not the DNS server is also used as the
    surrogate web server used to inject the ad-content is just an academic
    question.

    If you want ad-content to be injected, and if you already are operating
    a "rogue" DNS server (either black or white hat) that is being used by
    some population of compromised PC's, then you have the ability to inject
    the ads just by altering the software on your DNS server.

    > Perhaps the authorities would have to 'take over' the ISPs *not*
    > the DNS servers in order to do as you suggest?


    No.

    This issue pertains to a population of trojanized PC's or routers with
    altered DNS settings. The PC's or routers have their DNS settings
    pointing to a malicious server or servers (by way of a malicious IP
    address I would guess).

    Now someone somewhere (law enforcement) has granted a white-hat the
    ability to route that DNS traffic away from the malicious IP address and
    instead to his own server. I'm saying go the extra step and have that
    server generate a banner ad telling the fools with compromised systems
    that they need to have their PC or router looked at and decontaminated.

    The ISP's of those compromised systems play no role in any of this.

  2. #2
    FromTheRafters Guest

    Re: Feds shift DNSChanger cut-off deadline to July

    Virus Guy wrote:
    > FromTheRafters wrote:
    >
    >>> I'm surprised I have to inform this concept to the readers of this
    >>> group.

    >>
    >> you make it sound like it's a new thing.

    >
    > How so?
    >
    > I was not implying that it is a new thing.


    Yes, you only implied that we didn't already know. This has been
    happening for quite a while.

    >>> I was wondering why, in this case of operating a white-hat DNS
    >>> server for the benefit of thousands or hundreds of thousands of
    >>> trojanized PC's, that this technique of injecting a banner-ad
    >>> wasn't being done.


    Because in the scenario where it was being done - the ISP is involved in
    hijacking the DNS response and supplying their own special page.

    >> I think it's because it isn't being done by the DNS server,

    >
    > Whenever or wherever it's done, the DNS server has to be involved for
    > the method to work.


    How so? That is, beyond the fact that a response has to exist for it to
    be hijacked.

    > Whether or not the DNS server is also used as the
    > surrogate web server used to inject the ad-content is just an academic
    > question.


    The DNS server either supplies an address or it doesn't.

    > If you want ad-content to be injected, and if you already are operating
    > a "rogue" DNS server (either black or white hat) that is being used by
    > some population of compromised PC's, then you have the ability to inject
    > the ads just by altering the software on your DNS server.


    How does one do this?

    >> Perhaps the authorities would have to 'take over' the ISPs *not*
    >> the DNS servers in order to do as you suggest?

    >
    > No.
    >
    > This issue pertains to a population of trojanized PC's or routers with
    > altered DNS settings. The PC's or routers have their DNS settings
    > pointing to a malicious server or servers (by way of a malicious IP
    > address I would guess).


    Yes, and these can return whatever results they want to. What will the
    client software do when they expect a numerical address or an error
    response and they get some HTML instead?

    > Now someone somewhere (law enforcement) has granted a white-hat the
    > ability to route that DNS traffic away from the malicious IP address and
    > instead to his own server. I'm saying go the extra step and have that
    > server generate a banner ad telling the fools with compromised systems
    > that they need to have their PC or router looked at and decontaminated.


    The DNS server is supposed to deliver HTML?

    > The ISP's of those compromised systems play no role in any of this.


    Indeed, but the article you linked to did. They mucked with the response
    from the DNS - not the DNS itself.

  3. #3
    ~BD~ Guest

    Re: Feds shift DNSChanger cut-off deadline to July

    FromTheRafters wrote:
    > They mucked with the response from the DNS - not the DNS itself.


    Were you around at the time Robear Dyer MVP made this post, FTR?

    http://groups.google.com/group/micro...274a3269?hl=en

    The links still work - but now go to an advertisement!

    Here's a rather out-of-date list of DTS_L members, but the best I can
    find. http://www.kellys-korner-xp.com/xp_dtsl_web_sites.htm

    Do you know if this 'special' group of Microsoft MVP's is still in
    existence? This post refers, albeit from some years ago.
    http://groups.google.com/group/micro...6a46cb99?hl=en

    If they *do* exist - what do they actually *do*?!!

    --
    Dave - "It is much better to be hated for what you are, than to be loved
    for what you definitely are not." "Do unto others as you would have them
    do unto you."

  4. #4
    Aardvark Guest

    Re: Feds shift DNSChanger cut-off deadline to July

    On Sun, 11 Mar 2012 19:35:52 +0000, ~BD~ wrote:

    > FromTheRafters wrote:
    >> They mucked with the response from the DNS - not the DNS itself.

    >
    > Were you around at the time Robear Dyer <SNIP>


    > <SNIP NON SEQUITUR OFF-TOPIC ****>


    Stay on-topic, you sto0pid ****.

    --
    "Any man's death diminishes me, because I am involved
    in mankind, and therefore never send to know for whom
    the bell tolls; it tolls for thee".
    -John Donne (1572-1631)

  5. #5
    Dustin Guest

    Re: Feds shift DNSChanger cut-off deadline to July

    Aardvark <aardvark@aardvark.uk.tc> wrote in news:jjj30f$kht$1@dont-
    email.me:

    > On Sun, 11 Mar 2012 19:35:52 +0000, ~BD~ wrote:
    >
    >> FromTheRafters wrote:
    >>> They mucked with the response from the DNS - not the DNS itself.

    >>
    >> Were you around at the time Robear Dyer <SNIP>

    >
    >> <SNIP NON SEQUITUR OFF-TOPIC ****>

    >
    > Stay on-topic, you sto0pid ****.
    >


    It's too complex for him. Virus_Guy has a better understanding.


    --
    Character is doing the right thing when nobody's looking. There are too
    many people who think that the only thing that's right is to get by, and
    the only thing that's wrong is to get caught. - J.C. Watts

  6. #6
    David H. Lipman Guest

    Re: Feds shift DNSChanger cut-off deadline to July

    From: "Dustin" <bughunter.dustin@gmail.com>

    > Aardvark <aardvark@aardvark.uk.tc> wrote in news:jjj30f$kht$1@dont-
    > email.me:
    >
    >> On Sun, 11 Mar 2012 19:35:52 +0000, ~BD~ wrote:
    >>
    >>> FromTheRafters wrote:
    >>>> They mucked with the response from the DNS - not the DNS itself.
    >>>
    >>> Were you around at the time Robear Dyer <SNIP>

    >>
    >>> <SNIP NON SEQUITUR OFF-TOPIC ****>

    >>
    >> Stay on-topic, you sto0pid ****.
    >>

    > It's too complex for him. Virus_Guy has a better understanding.
    >


    Yes, but a half a bubble off plumb.



    --
    Dave
    Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
    http://www.pctipp.ch/downloads/dl/35905.asp

  7. #7
    Aardvark Guest

    Re: Feds shift DNSChanger cut-off deadline to July

    On Sun, 11 Mar 2012 21:11:24 +0000, Dustin wrote:

    > Aardvark <aardvark@aardvark.uk.tc> wrote in news:jjj30f$kht$1@dont-
    > email.me:
    >
    >> On Sun, 11 Mar 2012 19:35:52 +0000, ~BD~ wrote:
    >>
    >>> FromTheRafters wrote:
    >>>> They mucked with the response from the DNS - not the DNS itself.
    >>>
    >>> Were you around at the time Robear Dyer <SNIP>

    >>
    >>> <SNIP NON SEQUITUR OFF-TOPIC ****>

    >>
    >> Stay on-topic, you sto0pid ****.
    >>
    >>

    > It's too complex for him. Virus_Guy has a better understanding.


    LOL. IAWTP.

    The thread is interesting and all he wants to do is further his own
    ridiculous agenda by changing its theme.



    --
    "Any man's death diminishes me, because I am involved
    in mankind, and therefore never send to know for whom
    the bell tolls; it tolls for thee".
    -John Donne (1572-1631)

  8. #8
    David H. Lipman Guest

    Re: Feds shift DNSChanger cut-off deadline to July

    From: "Aardvark" <aardvark@aardvark.uk.tc>

    > On Sun, 11 Mar 2012 21:11:24 +0000, Dustin wrote:
    >
    >> Aardvark <aardvark@aardvark.uk.tc> wrote in news:jjj30f$kht$1@dont-
    >> email.me:
    >>
    >>> On Sun, 11 Mar 2012 19:35:52 +0000, ~BD~ wrote:
    >>>
    >>>> FromTheRafters wrote:
    >>>>> They mucked with the response from the DNS - not the DNS itself.
    >>>>
    >>>> Were you around at the time Robear Dyer <SNIP>
    >>>
    >>>> <SNIP NON SEQUITUR OFF-TOPIC ****>
    >>>
    >>> Stay on-topic, you sto0pid ****.
    >>>

    >> It's too complex for him. Virus_Guy has a better understanding.

    >
    > LOL. IAWTP.
    >
    > The thread is interesting and all he wants to do is further his own
    > ridiculous agenda by changing its theme.
    >


    It's actually sad to see someone publicly piss all over themselves. Even
    worse by the fact that they are unaware that they are doing it in the first
    place.



    --
    Dave
    Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
    http://www.pctipp.ch/downloads/dl/35905.asp


  9. #9
    Peter Foldes Guest

    Re: Feds shift DNSChanger cut-off deadline to July

    "~BD~" <~BD~@nomail.afraid.org> wrote in message
    news:I_Sdna-Ca4sEY8HSnZ2dnUVZ8sqdnZ2d@bt.com...

    > Do you know if this 'special' group of Microsoft MVP's is still in existence? This
    > post refers, albeit from some years ago.
    > http://groups.google.com/group/micro...6a46cb99?hl=en
    >
    > If they *do* exist - what do they actually *do*?!!





    Why do you want to and on purpose change the subject at hand? Stay on topic.

    BTW: Frank has passed away in 2008 and the MVP Private group is still very much in
    existence and active. They all love you so much that they decided not to respond to
    you in any newsgroups or on any server related sites. The agreement was 100% in
    agreement with everyone. Robear sends his love as does Kelly. Now go and jump into a
    lake which is infested with gators or piranhas for a first hand look how they
    survive by not starving.

    BTW: I love you too

    JS



  10. #10
    FromTheRafters Guest

    Re: Feds shift DNSChanger cut-off deadline to July

    ~BD~ wrote:
    > FromTheRafters wrote:
    >> They mucked with the response from the DNS - not the DNS itself.

    >
    > Were you around at the time Robear Dyer MVP made this post, FTR?
    >
    > http://groups.google.com/group/micro...274a3269?hl=en


    Probably, as I'm no spring chicken.

    > The links still work - but now go to an advertisement!
    >
    > Here's a rather out-of-date list of DTS_L members, but the best I can
    > find. http://www.kellys-korner-xp.com/xp_dtsl_web_sites.htm
    >
    > Do you know if this 'special' group of Microsoft MVP's is still in
    > existence? This post refers, albeit from some years ago.
    > http://groups.google.com/group/micro...6a46cb99?hl=en
    >
    > If they *do* exist - what do they actually *do*?!!


    As I recall, it was a website temporarily put up by members of a mailing
    list. They helped people with computer related problems.

    Here's another web relic for you to wonder about as you wander about.

    http://members.shaw.ca/dts-l/default.htm

    The web needs a garbage collector, eh?

