New DNS Spyware
#1
New spyware out today that comes in through your Comcast connection via the DNS server.
If you get a webpage that says it is from supportcomcast or something like that wherever you attempt to surf, you are infected, but it is not an actual file on your PC.
They want you to put in your private info on the website, do not.
Also the phone # they list is bogus, it is a busy signal, thus tricking you to use your browser to give them your info.
I ran my spyware apps many times this morning, with no fix.
Comcast told me on the tele a bit ago how to fix it.
Go to your start button and find the run command.
Once there type in cmd, hit enter.
In the text box type in
ipconfig /release
hit enter, and all commands after typing in ipconfig have a space after that word and before the / symbol.
Now type in ipconfig /flushdns
hit enter
Now type in ipconfig /renew
hit enter
Go to your Control Panel on your start button.
Choose Internet Options, and delete cookies and temp. internet files.
Then go below and clear your history.
This is new today, someone took over the DNS somehow and it is redirecting you to that spyware page.
Hopefully Comcast will add this info to their website soon.
#2
PS, it just happened to me again as soon as I posted this.
I had to go through all the above steps and do them all over again.
Whoever created this dns spyware thing needs to be shot.
I am sure it will affect me again very soon.
Here is some info member Drew found over on DSL Reports site.
http://www.dslreports.com/forum/remark,18480900
#3
If anyone has problems, try getting rid of your Comcast DNS numbers and use the Open DNS ones as detailed in the URL I posted above.
I have been attacked about 5 times this morning, but since switching over to the new DNS #s, it seems to be working OK.
I bet Comcast is having a major blowout with this issue.
Pretty scary when someone can take control of your surfing like that.
#4
Hey corey about the opendns thing, all you should have to do is change the dns settings in your network properties page for your network adapter. I downloaded the image with the settings:
#6
Thanks Arjan, I inputted as I described over on DSL's forum in both places.
All is working well, the problem has not come back.
From what I read over there, the speculation is somehow the dns servers for Comcast in WA., OR., ID., and CO. were taken over by some perp who started the attack.
91, it should not affect you since you are on the Eastern side of things.
What was frustrating earlier today was that I thought I actually had the spyware on my PC, but the repeated tests did not reveal anything out of the ordinary.
And I bet a lot of people will fall for that fake page and enter their info, I almost did, and I never fall for Internet scams.
Calling that 800 # on the page will get you nowhere, that is how they trap you into getting into the chat session which is bogus, but you have already entered your info to get into the chat.
What I think they would then do with your info is set up multiple email accounts and then start mass spamming via your hi-jacked email accounts.
And here is a screenshot of the page that I and many others were seeing earlier.
It did not matter what you typed in your URL bar or what bookmark you clicked on, this screen would come up in your browser.
Whoever created it did a lot of planning on this one.
#8
I got on the site just fine, and read through the FAQ over there about them.
Seems now the page I and others were being redirected to may be legit after all, and not a hacker's attempt to get our info.
But Comcast still fubared up something bigtime for us to get that page.
I bet they keep it hush hush, but it will leak out to some websites as to how it happened.
#10
Well..this thing made it to the east coast. I'm having the same problem, I get re-directed to their web page every time I search. I'm trying to work it out right now. McAfee and the newest AVG can't find anything, and Cablevision is no help what-so-ever!
Craig.
Last edited by CAM 1; 12-08-2007 at 08:40 AM.
#11
Cablevision, that is your ISP?
See if anything comes up here.
http://www.dslreports.com/forums/4
By the way, I am still using Open DNS's numbers, I have not gone back to Comcast's.
The only thing is you have to type in .com .net, etc. after a URL, or it will bring up Open DNS's search page.
#12
for the more nerdy amongst us it's relatively simple to run your own nameserver locally and avoid this kind of thing from happening ever again. if you're using unix or mac os x it's easy as pie. you could probably find some kind of strange bind port for windows if you wanted, too.
#13
lol sounds like you have a nice little browser hijack... Try running Malwarebytes... (it's a free download) to rid yourself of those nasty little things... I work in a computer repair shop and I see that all the time...
btw watch out for the virus called antivirus2009, it's horrible...
#14
lol sounds like you have a nice little browser hijack... Try running Malwarebytes... (it's a free download) to rid yourself of those nasty little things... I work in a computer repair shop and I see that all the time...
btw watch out for the virus called antivirus2009, it's horrible...
Many got hit with it as seen at Comcast's forum on DSL Reports.
http://www.dslreports.com/forum/comcast
Comcast was the one that got hijacked actually, they just did not want to fess up to it.
It affected many people that day.
#15
When there are DNS-based attacks like this, you can always just hardcode your DNS server to something away from the hijacked servers.
One I use for network testing is 4.2.2.2, a leftover from Genuity (previously BBN Planet).