How to check if you are a victim of Ghost Click

38 Replies

Ghost in the Machine

used by permission from flattop341 Flickr photostream


 

Trend Micro and the FBI are very pleased to announce today the dismantling of a criminal botnet, in what is the biggest cybercriminal takedown in history.
 
This concerted action against an entrenched criminal gang is highly significant and represents the biggest cybercriminal takedown in history. Six people have been arrested through multinational law enforcement cooperation based on solid intelligence supplied by Trend Micro and other industry partners. more than 4 million victims in over 100 countries have been rescued from the malign influence of this botnet and an infrastructure of over 100 criminal servers has been dismantled with minimal disruption to the innocent victims.
 
If you are worried that you might have been a victim of this criminal activity, the FBI have made an online tool available which will allow you to check if your DNS server settings have been tampered with.
 
First you will need to discover what your current DNS server settings are:
 
On a PC, open the Start menu by clicking the Start button or the Windows icon in the lower left of your screen, in the  Search box type “cmd” and hit return (for Windows 95 users, select “Start“, then “Run“).This should open a black window with white text. In this window type “ipconfig /all” and hit return. Look for the entry that reads “DNS Servers” and note down the numeric addresses that are listed there.
 
On a Mac (yes they can be victims too), click on the Apple icon in the top left of your screen and select “System Preferences“, from the Preferences panel select the “Network” icon. Once this window opens, select the currently active network connection on the left column and over on the right select the DNS tab. note down the addresses of the DNS servers that your computer is configured to use.
 
You can check to see if these addresses correspond to servers used by the criminals behind Operation Ghost Click by using this online tool provided by the FBI, simply enter the IP addreses, one by one and click the “check ip” button.
 
If you feel that you computer may have been infected, you can visit Trend Micro’s HouseCall for a free scan and clean-up and notify the FBI by submitting this form. You should also contact your Internet Service Provider for advice on restoring your legitimate DNS settings.
 
Ongoing updates on this threat can be found on our Operation Ghost Click landing page.
 

Related posts:

  1. Malvertising, who’s responsible?
  2. Google, China, Chicken Little and Cyber Armageddon.
  3. 70 million customers affected by the Sony breach
  4. Sony (not) hacked
  5. Over 10,000 Facebook account details hacked and published

38 thoughts on “How to check if you are a victim of Ghost Click

  1. Pingback: 300,000 could lose their internet access as the FBI tackles cyber criminals | A Bright New Way

  2. Pingback: D(NS) Day – Nobody home? » CounterMeasures

  3. Pingback: Thousands to lose web access Monday from virus shut-down | VentureBeat

  4. Pingback: FBI ‘Operation Ghost Click’ raid shuts down cyber criminals | Gregory D. Evans

  5. Pingback: FBI disrupts search hijack gang after $14 million fraud | Gregory D. Evans

  6. Pingback: FBI disrupts search hijack gang after $14 million click fraud | Gregory D. Evans

  7. Pingback: Ghost click | Mystorycd

  8. Pingback: In Deep: 7月9日に全世界で数百万台のパソコンのインターネット接続がシャットダウンする可能性: その具体的な対策 at ひろまるネットワーク G.R.A.

  9. Pingback: Esthost Taken Down – Biggest Cybercriminal Takedown in History | ScamFeed.com

  10. Pingback: 밝혀진 거대 봇넷의 정체 – 사상 최대 규모의 사이버범죄를 적발 | Botnet

  11. Pingback: 如何檢查自己是否為Operation Ghost Click 的受害者 | 雲端防毒是趨勢

  12. Pingback: Exorcise Ghost Click from Your PC | Tech Dott - Daily Technology News Magazine

  13. Pingback: Exorcise Ghost Click from Your PC | Got2.Me

  14. Pingback: Exploit-ID – Exploit Information Disclosure » Operation Ghost Click by FBI – Online advertising scam taken Down

  15. Pingback: On Operation Ghost Click and Esthost Takedown | menardconnect.com

  16. Pingback: FBI cracks longest botnet scheme in history, affecting over 4 million people | Tech News Aggregator

  17. Pingback: Blog Nusantara Haxor » Blog Archive » Operasi Ghost Click oleh FBI – Penipuan Iklan Online Diambil Tindakan

  18. Pingback: 趨勢科技協助 FBI 破獲史上最大的網路犯罪始末 | 雲端防毒是趨勢

  19. Pingback: ‘Massive’ web crime ring smashed | Best Web Consulting company in Nashik, India with Creative and Professional Website Design, Content Management Systems, Wordpress Experts, Ecommerce SEO, and more..

  20. Pingback: Brunei News Channel - bruvoice

  21. Pingback: Weltweit operierendes Botnetz in Estland lahmgelegt - datensicherheit.de Informationen zu Datenschutz und Datensicherheit

  22. Pingback: Operation Ghost Click by FBI – Online advertising scam taken Down /  Hackersplay.com

  23. Pingback: Operation Ghost Click, the Biggest Cyber-Bust Ever, Shuts Down Estonian Bot Ring – Finding Out About

  24. Pingback: ‘Massive’ web crime ring smashed | NewsGlobal TV

  25. Pingback: ‘Massive’ web crime ring smashed « RSS Feeds

  26. Pingback: Operation Ghost Click by FBI – Online advertising scam taken Down « artupas.com | Full Nulled Script | Hacker News | Indonesian News

  27. Pingback: ‘Massive’ web crime ring smashed | TAWNET

  28. Pingback: ‘Massive’ web crime ring smashed | Backtogeek's Technology Journey

  29. Pingback: DNS Changer botnet smashed in major cyber crime bust | Matias Vangsnes

  30. David Wanner

    Please check your instructions for Windows. Pressing “Start” then “Search” does not open a black box (DOS) but pressing “Start” then “Run” does.
    Imprecise instructions cause a lot of frustration for people that are unfamiliar with computers.

    Reply
    1. Rik Ferguson Post author

      Hi David, my instructions for Windows PCs are based on Windows Vista or Windows 7. If you type “cmd” into the search box and hit return you will end up with a command prompt window. I deliberately chose not to advise people to select the “Run” option because this menu item is hidden in a default installation, so I would have had to include instructions on how to enable it.

      Thanks for reading,
      Rik

      Reply

  31. Pingback: ‘Massive’ web crime ring smashed | www.euronewsweek.com

  32. Pingback: FBI shuts down ‘Ghost Click’ botnet - Technology Magazine

  33. Pingback: FBI Shuts Down International Cybercriminal Operation That Made 4 Million Victims | Matias Vangsnes

  34. Pingback: FBI cracks longest botnet scheme in history, affecting over 4 million people « Go Digital Apps

  35. Pingback: Cómo saber si nuestro ordenador ha sido víctima de la operación Ghost Click

  36. Pingback: Esthost taken down – Biggest cybercriminal takedown in history

  37. Pingback: How to check if you are a victim of Operation Ghost Click » CounterMeasures – Linux Hackers

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>