Hi l_r_c_t
None of your questions are stupid; all are quite valid, actually. I will be happy to clarify as much as I can.
1) What does it mean reconfiguring DNS settings?
When discussing malware, reconfiguring DNS settings occurs by a DNS hijack. If you Google "DNS hijack" you will see many threads that will enlighten you. I will give you my take on it, but it will be put to you in layman's terms, I hope you don't mind.
DNS is an acronym for "Domain Name Server". The domain name is what you type into the browser address bar... e.g. www.google.com. This is translated into an IP address which is a set of numbers... e.g. 209.85.229.99
So basically DNS resolving is like translating from one language to another. Words to numbers.
A hijack occurs when you type into the address bar the site you would like to visit, and your DNS resolver has been told to send you to a different IP address, another site. (Google "phishing")
2) How can I Trace the attacker if left his IP, and made holes? (Of course, if possible).
I'm afraid that to track an attack of this kind would be near impossible. If they were easy to find law enforcement would be knocking on their door. They employ methods to disguise and hide themselves from detection.
To discover what weaknesses they may have left is equally difficult to tell. You see, security updates and patches are usually responsive to their already compromised operating systems. If you can imagine a dog chasing its tail, well that's what it is like. Programmers find or create holes, they patch them.
You can run online security tests such as GRC's online security check (which is very good in my opinion), but there are so many vulnerabilities that can be exploited that it would be near impossible to detect them all.
3) On one hand, you say, that by removing the malware it's alright. On the other hand, you say that you would reformat the whole system.
By this I meant there's no way of telling how you became infected.
If you were a target, specifically to your external IP address (unique to you) by an individual, your PC would be at very great risk, even if you remove all of the malicious programming. Even with a complete OS reinstall you are still at risk because your IP address would be known. An attacker with this capability would easily be able to exploit your system again simply by knowing your external IP address. This is why I said a requested IP address change is good. Mine isn't static (which means it should change often) but it hasn't changed in 2 years.
On the other hand if you are a victim of a drive-by backdoor install, you are probably safe with just the OS reinstall as all your security settings are re-applied with the new OS and providing all patching (updating) is done you should be safe.
4) How can I know (If possible) if the backdoor delivery system was automated, or by a specific person?
There's really no way of knowing. The only real way is if you noticed a sudden change after a specific action. Bad website you were wary of, chatting to a stranger. If your PC becomes sluggish or non-responsive after doing something different (like letting someone use it or visiting a site out of the norm). If you have monitoring utilities such as WinPatrol you might get a few clues. But it is the nature of the beast to attempt to remain hidden and beyond suspicion.
5) What does an external / Public Ip address mean?
Basically an external / public IP address is how the world contacts you. It is like a road map to your front door the world has access to. It is unique to your internet connection. No one else has the same address.
I hope this makes sense for you.
The other is an internal IP address. This is the IP address that defines your PC inside your home or intranet environment. It is only unique to your device from within the home network.
It is like you are in a suburb in a city. There is only one Smith St. In the world there are countless Smith Streets. Your internal / private IP address is easily resolved as you are the only one on your internal network. But to define your public IP address you are given one unique to you so no one else gets your mail.
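Added example, not part of the original post: one way to check for the reconfigured DNS settings described under question 1 is to list the DNS servers each network adapter is using and compare them with the ones you expect. The `ipconfig /all` text below is a constructed sample, and the function names and the `expected` set (for instance your router's address) are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `ipconfig /all` output (not from a real PC).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

ADAPTER = re.compile(r"^(\S.*):\s*$")            # unindented "... adapter X:"
FIELD = re.compile(r"^\s+(.*?)[ .]+: ?(.*)$")    # "Label . . . : value"

def _as_ip(value):
    """Return a normalised IP string, or None if value is not an address."""
    try:
        return str(ipaddress.ip_address(value.strip().split("%")[0]))
    except ValueError:
        return None

def parse_dns_servers(text):
    """Map each adapter name to the DNS servers configured on it."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if (m := ADAPTER.match(line)):
            adapter, in_dns = m.group(1), False
            servers[adapter] = []
        elif (f := FIELD.match(line)):
            in_dns = f.group(1) == "DNS Servers"
            line = f.group(2)
        # Extra servers follow on indented lines that carry no label.
        if adapter and in_dns and (ip := _as_ip(line)):
            servers[adapter].append(ip)
    return servers

def unexpected_resolvers(text, expected):
    """Return only the adapters whose DNS servers are not in `expected`."""
    found = {a: [ip for ip in ips if ip not in expected]
             for a, ips in parse_dns_servers(text).items()}
    return {a: ips for a, ips in found.items() if ips}

if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE, expected={"192.168.1.1"}))
```

An unexpected server is only a prompt to look closer: some ISPs and VPN clients legitimately set their own resolvers.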