Slashdot Mirror


Disconnection of Millions of DNSChanger-Infected PCs Delayed

tsu doh nimh writes "Millions of computers infected with the stealthy and tenacious DNSChanger Trojan may be spared a planned disconnection from the Internet early next month if a New York court approves a new request by the U.S. government. Meanwhile, six men accused of managing and profiting from the huge collection of hacked PCs are expected to soon be extradited from their native Estonia to face charges in the United States."


  1. Let it happen by jdastrup · · Score: 5, Interesting

    Allowing the infected computers to fail is probably best. They'll stop working, then get replaced or cleaned up. How is that bad?

    1. Re:Let it happen by Anonymous Coward · · Score: 4, Insightful

      Why would we want infected computers to exist on the Internet anyway? The excuse that they create jobs, in cleaning them up, is not a strong one, since by that same logic you could also make work by smashing them.

      If they could be disconnected in stages, so centralized support outlets are not overwhelmed, that might be a more graceful letdown for the infected owners.

    2. Re:Let it happen by na1led · · Score: 4, Insightful

      It's a good test to see how secure your systems really are. If your PCs are infected, then it's time to recheck your security.

      --
      -- By all means let's be open-minded, but not so open-minded that our brains drop out.
    3. Re:Let it happen by vlm · · Score: 4, Interesting

      Allowing the infected computers to fail is probably best. They'll stop working, then get replaced or cleaned up. How is that bad?

      Maybe the US govt doesn't want them to be cleaned up because the US govt is involved in them, somehow.

      Note I'm not completely tinfoil hat here. I'm not suggesting that the govt wrote the virus or infected the computers. I'm merely suggesting this MIGHT be something like the syphilis experiments done on minorities decades ago... leave them infected, watch carefully, see what happens... Obviously a packet sniffer on the incoming DNS traffic tells you how many there are, you can generate all kinds of interesting graphs and studies and reports... You also have at least one pretty strong data point on security update habits, because they were not updated when infected. I would imagine some interesting data is being generated that would be eliminated if the "experiment" were terminated early.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    4. Re:Let it happen by jbov · · Score: 3, Informative

      If the two items in bold below were not true, then they would shut down the DNS servers immediately.

      FTFA:

      Earlier this month [...] The company said more than 3 million systems worldwide — 500,000 in the United States — remain infected with the Trojan, and that at least one instance of the Trojan was still running on computers at 50 percent of Fortune 500 firms and half of all U.S. government agencies.

      Gotta keep everything running for the good ol' boys.

    5. Re:Let it happen by AK Marc · · Score: 3, Informative

      http://en.wikipedia.org/wiki/Tuskegee_syphilis_experiment

      And never, ever, look up diseases on Wikipedia. Too many good pictures of icky stuff.

    6. Re:Let it happen by rtb61 · · Score: 3, Interesting

      In this case the solution is simple. Consider the trojaned computers as out of control devices to be used to aid criminal activities. Present the information to the court, with plenty of public notice and seek a warrant to digitally enter those computers, remove the offending software, conduct a minimal repair to lock out the trojan and leave a blatant on boot up notification of what has happened and what they need to do to prevent it happening again. Ensure the notification is easily removable.

      Just like anything else left out of control, the police are entitled to enter and seek to deactivate the out of control entity. The same in this case. Don't shut down the computers, fix them and notify the owners of the fix and provide a warning, "Next time it will be assumed that you are a knowing part of the bot-net and you and your infrastructure will be raided and you will be required to provide proof that you did not willingly participate in this activity or face a fine".

      --
      Chaos - everything, everywhere, everywhen
    7. Re:Let it happen by garyebickford · · Score: 3, Informative

      The excuse that they create jobs, in cleaning them up, is not a strong one, since by that same logic you could also make work by smashing them.

      Yes, this is the Broken Window Fallacy.
      To quote:

      The parable, also known as the broken window fallacy or glazier's fallacy, demonstrates how opportunity costs, as well as the law of unintended consequences, affect economic activity in ways that are "unseen" or ignored.

      --
      It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
  2. Very odd details by bigbangnet · · Score: 3, Interesting

    This is a very odd story. Why would the FBI request to change DNS for millions of PCs when all they have to do is switch the DNS server off? But no, they decided to get a court order allowing them to replace the rogue DNS servers with legitimate stand-ins so that all the infected computers wouldn't get cut off without warning, giving them time to get the word out.

    Btw, you can read this guide to check your DNS.

    http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf

    1. Re:Very odd details by eulernet · · Score: 3, Funny

      Wow, it seems that I'm infected: I get a weird page for http://megaupload.com/ !

  3. Re:Hype by gnick · · Score: 5, Funny

    Save us from the Trojan? I thought using a Trojan helped prevent the spread of viruses...

    --
    He's getting rather old, but he's a good mouse.
  4. Re:What OS are we talking about? by X0563511 · · Score: 4, Informative

    Lazy, aren't you? Google the Trojan name, and the very first result tells you.
    Trojan:W32/DNSChanger

    That's if the context didn't tell you... Hmm, a Trojan infecting millions of machines to the level of getting courts involved. You really expect that to be Mac or Linux?

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  5. Why not use the dummy DNS servers? by rwhamann · · Score: 3, Interesting

    Why not use the dummy DNS servers to redirect users still attached to them to an informational website that tells them how to unfuck themselves? Make it a clearly labelled site with a very simple, obviously .gov URL so people trust it? If my ISP can pop up a frame telling me I'm approaching the bandwidth cap, why can't the FBI?

    --
    seg fault
    1. Re:Why not use the dummy DNS servers? by CanHasDIY · · Score: 3, Insightful

      Don't forget the .000001% who will flame the rest of society in online forums for not being as omniscient and infallible as they believe themselves to be.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
  6. Re:Hype by sidthegeek · · Score: 5, Funny

    This is Slashdot. No one here needs to worry about that kind of thing...

  7. Re:Forget computers, they're extraditing the perps by NoKaOi · · Score: 5, Insightful

    To me, the real story is that the people behind this botnet are getting extradited and, (knock wood), will do jail time in the US.

    While I would be happy for the creators to rot in prison, this is also scary. Why should they be extradited to the US? /. commenters get outraged at mention of the megaupload folks being extradited simply because they disagree with the laws they were allegedly violating. It was the same excuse that it related to machines in the US. What makes the US so friggin' special for them to be extradited? Is what they did not illegal in Estonia? If not, then should they be prosecuted for actions they took while in a country where it wasn't illegal? If so, then why aren't they being prosecuted in Estonia, where they actually were when they did illegal stuff? If we're in one country doing business with another country over the Internet, or doing something on servers in another country, which country's laws should apply? Which country should get to prosecute?

    Meanwhile...I still get a dozen 419 scam emails for every craigslist ad I post. While everyone reading this probably thinks that only an idiot would fall for them, there are clearly people who do. Just because somebody isn't computer literate doesn't make them an idiot, there are real people losing real money, and yet the scammers aren't prosecuted because they're "over there" even though they're scraping craigslist's US based servers, sending email to servers and people in the US, receiving money fraudulently through Western Union, a US based company, from the US.

    What kind of precedent do we want? Can we at least be consistent?

  8. Re:Hype by K. S. Kyosuke · · Score: 3, Funny

    Save us from the Trojan? I thought using a Trojan helped prevent the spread of viruses...

    If you think that about the Trojans, then obviously, computers are all Greek to you.

    --
    Ezekiel 23:20