
DNSChanger Kaseya Script

The Internet isn’t shutting down. What is happening is that the FBI will turn off two servers that it originally set up to thwart the spread of an opportunistic and irritating (but otherwise innocuous) bit of malware. When the two servers go dark, computers still infected with the malware will lose their ability to translate web addresses into IP addresses. For the people using those computers, this means that any network request made using a web address won’t work.

If you are looking for a Kaseya script to run against all of your machines, here it is.

<?xml version="1.0" encoding="utf-8"?>
<ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
  <Procedure name="DNS Changer Checker" treePres="3" id="968118462" folderId="12179191711617118123321139">
    <Body description="Grabs contents of http://www.dns-ok.us/ then checks for Green or RED. If red, submits a ticket to our helpdesk.">
      <Statement description="If c:\kworking\dnsok.txt exists, deletes it. " name="DeleteFile" continueOnFail="false">
        <Parameter xsi:type="StringParameter" name="Path" value="c:\kworking\dnsok.txt" />
      </Statement>
      <Statement description="Get the Agent ID" name="GetVariable" continueOnFail="false">
        <Parameter xsi:type="EnumParameter" name="VariableType" value="MachineGroupID" />
        <Parameter xsi:type="StringParameter" name="SourceContent" value="" />
        <Parameter xsi:type="StringParameter" name="VariableName" value="agent-name" />
      </Statement>
      <Statement description="Retrieve webpage from address entered below" name="GetURL" continueOnFail="false">
        <Parameter xsi:type="StringParameter" name="URL" value="http://www.dns-ok.us/" />
        <Parameter xsi:type="StringParameter" name="ResponseFileName" value="c:\kworking\dnsok.txt" />
        <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />
      </Statement>
      <If description="Check retrieved text file for RED or GREEN">
        <Condition name="TestFile">
          <Parameter xsi:type="StringParameter" name="Path" value="c:\kworking\dnsok.txt" />
          <Parameter xsi:type="EnumParameter" name="Condition" value="Contains" />
          <Parameter xsi:type="StringParameter" name="Value" value="RED" />
        </Condition>
        <Then>
          <Statement description="Send email to fixed address if problem discovered." name="SendEmail" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="To" value="email@email.com" />
            <Parameter xsi:type="StringParameter" name="Subject" value="Problem with DNS Changer on #agent-name#" />
            <Parameter xsi:type="StringParameter" name="Body" value="#agent-name# is infected with DNS Changer. See http://www.dcwg.org/fix for solutions." />
          </Statement>
        </Then>
        <Else>
          <Statement description="Write an Entry into the Procedure Log" name="WriteScriptLogEntry" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="Comment" value="DNS Changer Not Found" />
          </Statement>
        </Else>
      </If>
    </Body>
  </Procedure>
</ScriptExport>

Import this and run it 2X against all of your machines. Make sure to change the email address in the SendEmail step so that you receive the notifications.
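The procedure's test is a plain "Contains RED" on the saved page, so an empty or unrelated response falls through to the "DNS Changer Not Found" log entry, and any page containing a word such as REDIRECT is reported as infected. The sketch below is an added example, not part of the original script: it classifies the saved file into three states instead of two. The function names, the whole-word matching rule and the sample page bodies are assumptions made for illustration.

```python
import re
from pathlib import Path

# Markers named in the procedure's description ("checks for Green or RED").
# Whole-word matching is an assumption of this example, not the script's rule.
RED = re.compile(r"\bRED\b")
GREEN = re.compile(r"\bGREEN\b", re.IGNORECASE)


def classify(text):
    """Return 'infected', 'clean' or 'unknown' for a downloaded page body."""
    has_red = bool(RED.search(text))
    has_green = bool(GREEN.search(text))
    if has_red and not has_green:
        return "infected"
    if has_green and not has_red:
        return "clean"
    # Empty body, proxy or captive-portal page, or both markers present:
    # report it for follow-up instead of logging "not found".
    return "unknown"


def classify_file(path):
    """Classify the saved response; a missing or unreadable file is 'unknown'."""
    try:
        return classify(Path(path).read_text(errors="replace"))
    except OSError:
        return "unknown"


# Constructed sample bodies (not captured from the real site).
SAMPLES = {
    "red page": "<h1>DNS Resolution = RED</h1>",
    "green page": "<h1>DNS Resolution = Green</h1>",
    "proxy error": "<html>302 REDIRECT to login, access denied</html>",
    "empty": "",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:12} -> {classify(body)}")
    print("missing file ->", classify_file("no-such-dir/dnsok.txt"))
```

Machines that come back as "unknown" are the ones to re-run or inspect by hand, since the check could not actually see the test page.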

 

